gsd-2023-7165
Vulnerability from gsd
Modified
2023-12-29 06:01
Details
The JetBackup WordPress plugin before 2.0.9.9 doesn't use index files to prevent public directory listing of sensitive directories in certain configurations, which allows malicious actors to leak backup files.
Aliases
{
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2023-7165"
],
"details": "The JetBackup WordPress plugin before 2.0.9.9 doesn\u0027t use index files to prevent public directory listing of sensitive directories in certain configurations, which allows malicious actors to leak backup files.",
"id": "GSD-2023-7165",
"modified": "2023-12-29T06:01:17.835274Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2023-7165",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "JetBackup",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "0",
"version_value": "2.0.9.9"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credits": [
{
"lang": "en",
"value": "Dmitrii Ignatyev"
},
{
"lang": "en",
"value": "WPScan"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The JetBackup WordPress plugin before 2.0.9.9 doesn\u0027t use index files to prevent public directory listing of sensitive directories in certain configurations, which allows malicious actors to leak backup files."
}
]
},
"generator": {
"engine": "WPScan CVE Generator"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/ad1ef4c5-60c1-4729-81dd-f626aa0ce3fe/",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/ad1ef4c5-60c1-4729-81dd-f626aa0ce3fe/"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
},
"nvd.nist.gov": {
"cve": {
"descriptions": [
{
"lang": "en",
"value": "The JetBackup WordPress plugin before 2.0.9.9 doesn\u0027t use index files to prevent public directory listing of sensitive directories in certain configurations, which allows malicious actors to leak backup files."
},
{
"lang": "es",
"value": "El complemento JetBackup de WordPress anterior a 2.0.9.9 no utiliza archivos de \u00edndice para evitar la lista p\u00fablica de directorios confidenciales en ciertas configuraciones, lo que permite a actores malintencionados filtrar archivos de respaldo."
}
],
"id": "CVE-2023-7165",
"lastModified": "2024-02-27T14:20:06.637",
"metrics": {},
"published": "2024-02-27T09:15:37.247",
"references": [
{
"source": "contact@wpscan.com",
"url": "https://wpscan.com/vulnerability/ad1ef4c5-60c1-4729-81dd-f626aa0ce3fe/"
}
],
"sourceIdentifier": "contact@wpscan.com",
"vulnStatus": "Awaiting Analysis"
}
}
}
}
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.