CVE-2020-24925

A Sensitive Source Code Path Disclosure vulnerability is found in ElkarBackup v1.3.3. An attacker is able to view the path of the source code jobs/sort where entire source code path is displayed in the browser itself helping the attacker identify the code structure /app/elkarbackup/src/Binovo/ElkarBackupBundle/Controller/DefaultController.php
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 54%
VendorProductVersion
elkarbackupelkarbackup
1.3.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://vyshnavvizz.blogspot.com/2020/09/sensitive-information-disclosure-source.html
https://www.elkarbackup.org/
https://vyshnavvizz.blogspot.com/2020/09/sensitive-information-disclosure-source.html
https://www.elkarbackup.org/