BSCW groupware system 3.3 through 4.0.2 beta allows remote attackers to read or modify arbitrary files by uploading and extracting a tar file with a symlink into the data-bag space.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Bscw | Fraunhofer_fit | * | 4.0.2_beta |
Bscw | Fraunhofer_fit | 3.3.1 | 3.3.1 |
Bscw | Fraunhofer_fit | 3.3 | 3.3 |
Bscw | Fraunhofer_fit | 3.4.1 | 3.4.1 |
Bscw | Fraunhofer_fit | 3.4.3 | 3.4.3 |
Bscw | Fraunhofer_fit | 4.0.1_beta | 4.0.1_beta |