Home > Vulnerability Database > CVE-2014-2858

Mend.io Vulnerability Database

CVE-2014-2858

Date: April 15, 2014

Directory traversal vulnerability in the Resources plugin 1.0.0 before 1.2.6 for Pivotal Grails 2.0.0 through 2.3.6 allows remote attackers to obtain sensitive information via unspecified vectors related to a "configured block." NOTE: this issue was SPLIT from CVE-2014-0053 per ADT2 due to different vulnerability types.

Language: GROOVY

Severity Score

5.3

Related Resources (5)

Url: http://www.securityfocus.com/archive/1/531281/100/0/threaded

Url: http://archives.neohapsis.com/archives/fulldisclosure/2014-02/0267.html

Url: http://www.gopivotal.com/security/cve-2014-0053

Url: https://nvd.nist.gov/vuln/detail/CVE-2014-2858

Url: https://www.mend.io/vulnerability-database/CVE-2014-2858

Severity Score

5.3

Weakness Type (CWE)

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-22

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	5.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2014-2858

Date: April 15, 2014

Language: GROOVY

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?