Impact
An attacker can exploit this vulnerability to read local files on an October CMS server. The vulnerability is exploitable by unauthenticated users via a specially crafted request.
Patches
Issue has been patched in Build 469 (v1.0.469) and v1.1.0.
Workarounds
Apply octobercms/library@80aab47 to your installation manually if unable to upgrade to Build 469.
References
Reported by ka1n4t
For more information
If you have any questions or comments about this advisory:
Threat assessment:
### References
- https://github.com/octobercms/october/security/advisories/
GHSA-xwjr-6fj7-fc6h
- https://github.com/octobercms/library/commit/80aab47f044a2660aa352450f55137598f362aa4
- https://nvd.nist.gov/vuln/detail/
CVE-2020-15246
ka1n4t Analyst
Impact
An attacker can exploit this vulnerability to read local files on an October CMS server. The vulnerability is exploitable by unauthenticated users via a specially crafted request.
Patches
Issue has been patched in Build 469 (v1.0.469) and v1.1.0.
Workarounds
Apply octobercms/library@80aab47 to your installation manually if unable to upgrade to Build 469.
References
Reported by ka1n4t
For more information
If you have any questions or comments about this advisory:
Threat assessment:
### References - https://github.com/octobercms/october/security/advisories/GHSA-xwjr-6fj7-fc6h - https://github.com/octobercms/library/commit/80aab47f044a2660aa352450f55137598f362aa4 - https://nvd.nist.gov/vuln/detail/CVE-2020-15246