Description
Relative Path Traversal vulnerability in Apache Kvrocks. This issue affects Apache Kvrocks: from 1.0.0 through 2.15.0. Users are recommended to upgrade to version 2.16.0, which fixes the issue.
CVSS breakdown
CVSS 4.0
Attack Vector
Local
Attack Complexity
High
Attack Requirements
None
Privileges Required
High
User Interaction
Passive
Confidentiality (Vulnerable System)
Low
Integrity (Vulnerable System)
Low
Availability (Vulnerable System)
Low
Confidentiality (Subsequent System)
High
Integrity (Subsequent System)
High
Availability (Subsequent System)
High
Scope
None
AU
None
R
Unchanged
RE
Low
U
Clear
Affected products
- Apache Software Foundation / Apache Kvrocks1.0.0 – 2.15.0