Home > Vulnerability Database > CVE-2014-2858

Mend.io Vulnerability Database

CVE-2014-2858

Good to know:

Date: April 15, 2014

Directory traversal vulnerability in the Resources plugin 1.0.0 before 1.2.6 for Pivotal Grails 2.0.0 through 2.3.6 allows remote attackers to obtain sensitive information via unspecified vectors related to a "configured block." NOTE: this issue was SPLIT from CVE-2014-0053 per ADT2 due to different vulnerability types.

Language: GROOVY

Severity Score

5.3

Related Resources (5)

Url: http://www.securityfocus.com/archive/1/531281/100/0/threaded

Url: http://archives.neohapsis.com/archives/fulldisclosure/2014-02/0267.html

Url: http://www.gopivotal.com/security/cve-2014-0053

Url: https://nvd.nist.gov/vuln/detail/CVE-2014-2858

Url: https://www.mend.io/vulnerability-database/CVE-2014-2858

Severity Score

5.3

Weakness Type (CWE)

Path Traversal

CWE-22

Top Fix

Upgrade Version

Upgrade to version Resources 1.2.6, Core 2.3.6

Learn More

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	5.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2014-2858

Good to know:

Date: April 15, 2014

Language: GROOVY

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?