CVE-2017-1000490: Path Traversal

January 3, 2018 (updated January 12, 2018)

Any authorized Mautic user could use the Filemanager to download any file from the server that the web user has access to.

References

nvd.nist.gov/vuln/detail/CVE-2017-1000490

Detect and mitigate CVE-2017-1000490 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →