CVE-2014-2858

Grails Resources Plugin 1.0.0-1.2.5 - Directory Traversal via Configured Block

Title source: llm
STIX 2.1

Description

Directory traversal vulnerability in the Resources plugin 1.0.0 before 1.2.6 for Pivotal Grails 2.0.0 through 2.3.6 allows remote attackers to obtain sensitive information via unspecified vectors related to a "configured block." NOTE: this issue was SPLIT from CVE-2014-0053 per ADT2 due to different vulnerability types.

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/531281/100/0/threaded
Vendor Advisory x_refsource_confirm
http://www.gopivotal.com/security/cve-2014-0053
Third Party Advisory mailing-list x_refsource_fulldisc
http://archives.neohapsis.com/archives/fulldisclosure/2014-02/0267.html

Scores

EPSS 0.0299
EPSS Percentile 85.7%

Details

CWE
CWE-22
Status published
Products (38)
gopivotal/grails 2.0.0
gopivotal/grails 2.0.1
gopivotal/grails 2.0.2
gopivotal/grails 2.0.3
gopivotal/grails 2.0.4
gopivotal/grails 2.1.0
gopivotal/grails 2.1.1
gopivotal/grails 2.1.2
gopivotal/grails 2.1.3
gopivotal/grails 2.1.4
... and 28 more
Published Apr 15, 2014
Tracked Since Feb 18, 2026