CVE-2017-14614

MEDIUM

GridGain <1.7.16, <1.8.12, <1.9.7, <8.1.5 - Path Traversal

Title source: llm

Description

Directory traversal vulnerability in the Visor GUI Console in GridGain before 1.7.16, 1.8.x before 1.8.12, 1.9.x before 1.9.7, and 8.x before 8.1.5 allows remote authenticated users to read arbitrary files on remote cluster nodes via a crafted path.

References (1)

Core References
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2017/10/05/1

Scores

CVSS v3 6.5
EPSS 0.0157
EPSS Percentile 72.3%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-22
Status published
Products (12)
gridgain/gridgain 8.0.0 ea1 (5 CPE variants)
gridgain/gridgain 8.0.1 (10 CPE variants)
gridgain/gridgain 8.0.2 ea1 (3 CPE variants)
gridgain/gridgain 8.0.3 ea1 (16 CPE variants)
gridgain/gridgain 8.0.4 ea1
gridgain/gridgain 8.1.1
gridgain/gridgain 8.1.2
gridgain/gridgain 8.1.3 (6 CPE variants)
gridgain/gridgain 8.1.4 (4 CPE variants)
gridgain/gridgain 1.9.1
... and 2 more
Published Oct 10, 2017
Tracked Since Feb 18, 2026