CVE-2018-13352

HIGH

TerraMaster TOS 3.1.03 - Unauthenticated Session Token Exposure via World-Readable Directory

Title source: llm
STIX 2.1

Description

Session Exposure in the web application for TerraMaster TOS version 3.1.03 allows attackers to view active session tokens in a world-readable directory.

References (1)

Core 1
Core References

Scores

CVSS v3 7.5
EPSS 0.0193
EPSS Percentile 77.5%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-200
Status published
Products (1)
terra-master/terramaster_operating_system 3.1.03
Published Nov 27, 2018
Tracked Since Feb 18, 2026