CVE-2015-8747
CRITICALRadicale < 1.1 - Unauthenticated Arbitrary File Read and Write via Multifilesystem Storage Backend
Title source: llmDescription
The multifilesystem storage backend in Radicale before 1.1 allows remote attackers to read or write to arbitrary files via a crafted component name.
References (9)
Core 9
Core References
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2016/01/06/7
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/80255
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2016/01/05/7
Patch x_refsource_confirm
https://github.com/Unrud/Radicale/commit/bcaf452e516c02c9bed584a73736431c5e8831f1
Patch x_refsource_confirm
https://github.com/Kozea/Radicale/pull/343
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2016/dsa-3462
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175776.html
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2016/01/06/4
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175738.html
Scores
CVSS v3
10.0
EPSS
0.0295
EPSS Percentile
85.5%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
Details
CWE
CWE-20
Status
published
Products (2)
pypi/Radicale
0 - 1.1PyPI
radicale/radicale
< 1.0.1
Published
Feb 03, 2016
Tracked Since
Feb 18, 2026