CVE-2019-14671

Published: Aug 5, 2019

Modified: Aug 5, 2024

PUBLISHED

Description

Firefly III 4.7.17.3 is vulnerable to local file enumeration. An attacker can enumerate local files due to the lack of protocol scheme sanitization, such as for file:/// URLs. This is related to fints_url to import/job/configuration, and import/create/fints.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/firefly-iii/firefly-iii/issues/2367

x_refsource_MISC

https://github.com/firefly-iii/firefly-iii/commit/e80d616ef4397e6e764f6b7b7a5b30121244933c

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2019-14671

Description

Affected Products

References