CVE-2021-29395
HIGHNorthstar Club Management 6.3 - Unauthenticated Path Traversal via File Manager Download Endpoint
Title source: llmDescription
Directory travesal in /northstar/filemanager/download.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote unauthenticated users to download arbitrary files, including JSP source code, across the filesystem of the host of the web application.
References (2)
Core 2
Core References
Third Party Advisory x_refsource_misc
https://Ardent-Security.com
Third Party Advisory x_refsource_misc
https://ardent-security.com/en/advisory/asa-2021-03/
Scores
CVSS v3
7.5
EPSS
0.0180
EPSS Percentile
75.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-22
Status
published
Products (1)
globalnorthstar/northstar_club_management
6.3
Published
Feb 04, 2022
Tracked Since
Feb 18, 2026