Description
zrlog v2.1.0 has a vulnerability in its permission check. If an admin account is logged in, other unauthorized users can download the database backup file directly.
References (2)
Core References
Issue Tracking, Third Party Advisory x_refsource_misc
https://github.com/94fzb/zrlog/issues/48
Patch, Third Party Advisory x_refsource_misc
https://github.com/94fzb/zrlog/commit/b2b4415e2e59b6f18b0a62b633e71c96d63c43ba
Scores
CVSS v3
5.7
EPSS
0.0019
EPSS Percentile
40.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
Details
CWE
CWE-863
Status
published
Products (1)
zrlog/zrlog
2.1.0
Published
Aug 25, 2020
Tracked Since
Feb 18, 2026