Home > Vulnerability Database > CVE-2008-4129

Mend.io Vulnerability Database

CVE-2008-4129

Date: September 18, 2008

Gallery before 1.5.9, and 2.x before 2.2.6, does not properly handle ZIP archives containing symbolic links, which allows remote authenticated users to conduct directory traversal attacks and read arbitrary files via vectors related to the archive upload (aka zip upload) functionality.

Severity Score

4.3

Related Resources (13)

Url: http://secunia.com/advisories/32662

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/45228

Url: https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00832.html

Url: http://www.securityfocus.com/bid/31231

Url: http://secunia.com/advisories/33144

Url: http://gallery.menalto.com/gallery_1.5.9_released

Url: http://secunia.com/advisories/31912

Url: http://gallery.menalto.com/gallery_2.2.6_released

Url: http://security.gentoo.org/glsa/glsa-200811-02.xml

Url: https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00794.html

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2008-4129

Url: https://nvd.nist.gov/vuln/detail/CVE-2008-4129

Url: https://www.mend.io/vulnerability-database/CVE-2008-4129

Severity Score

4.3

Weakness Type (CWE)

Path Traversal

CWE-22

CVSS v3.1

Base Score:	4.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	4.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	SINGLE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2008-4129

Date: September 18, 2008

Severity Score

Related Resources (13)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?