Vulnerability Details CVE-2014-8082
lib/functions/database.class.php in TestLink before 1.9.13 allows remote attackers to obtain sensitive information via unspecified vectors, which reveals the installation path in an error message.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 70.1%
CVSS Severity
CVSS v2 Score 5.0
References
- http://karmainsecurity.com/KIS-2014-12
- http://mantis.testlink.org/view.php?id=6651
- http://packetstormsecurity.com/files/128824/TestLink-1.9.12-Path-Disclosure.html
- http://seclists.org/fulldisclosure/2014/Oct/106
- http://www.securityfocus.com/archive/1/533799/100/0/threaded
- http://www.securityfocus.com/bid/70713
- https://exchange.xforce.ibmcloud.com/vulnerabilities/97728
- https://gitorious.org/testlink-ga/testlink-code/commit/c943e7a397f03e1f60b096c7e6eb94fdefd8a569
- http://karmainsecurity.com/KIS-2014-12
- http://mantis.testlink.org/view.php?id=6651
- http://packetstormsecurity.com/files/128824/TestLink-1.9.12-Path-Disclosure.html
- http://seclists.org/fulldisclosure/2014/Oct/106
- http://www.securityfocus.com/archive/1/533799/100/0/threaded
- http://www.securityfocus.com/bid/70713
- https://exchange.xforce.ibmcloud.com/vulnerabilities/97728
- https://gitorious.org/testlink-ga/testlink-code/commit/c943e7a397f03e1f60b096c7e6eb94fdefd8a569
Products affected by CVE-2014-8082
-
cpe:2.3:a:testlink:testlink:1.8.0
-
cpe:2.3:a:testlink:testlink:1.8.1
-
cpe:2.3:a:testlink:testlink:1.8.2
-
cpe:2.3:a:testlink:testlink:1.8.3
-
cpe:2.3:a:testlink:testlink:1.8.4
-
cpe:2.3:a:testlink:testlink:1.8.5
-
cpe:2.3:a:testlink:testlink:1.9.0
-
cpe:2.3:a:testlink:testlink:1.9.1
-
cpe:2.3:a:testlink:testlink:1.9.10
-
cpe:2.3:a:testlink:testlink:1.9.11
-
cpe:2.3:a:testlink:testlink:1.9.12
-
cpe:2.3:a:testlink:testlink:1.9.2
-
cpe:2.3:a:testlink:testlink:1.9.3
-
cpe:2.3:a:testlink:testlink:1.9.4
-
cpe:2.3:a:testlink:testlink:1.9.5
-
cpe:2.3:a:testlink:testlink:1.9.6
-
cpe:2.3:a:testlink:testlink:1.9.7
-
cpe:2.3:a:testlink:testlink:1.9.8
-
cpe:2.3:a:testlink:testlink:1.9.9