CVE-2019-12215
Last modified
CVE-2019-12215 is a vulnerability of currently unknown severity. A full path disclosure vulnerability was discovered in Matomo v3.9.1 where a user can trigger a particular error to discover the full path of Matomo on the disk, because lastError.file is used in plugins/CorePluginsAdmin/templates/safemode.twig. NOTE: the vendor disputes the significance of this issue, stating "avoid reporting path disclosures, as we don't consider them as security vulnerabilities.. EPSS estimates a 1.23% chance of exploitation in the next 30 days.
Description
A full path disclosure vulnerability was discovered in Matomo v3.9.1 where a user can trigger a particular error to discover the full path of Matomo on the disk, because lastError.file is used in plugins/CorePluginsAdmin/templates/safemode.twig. NOTE: the vendor disputes the significance of this issue, stating "avoid reporting path disclosures, as we don't consider them as security vulnerabilities.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Matomo | Matomo | 3.9.1 |
References
- https://github.com/matomo-org/matomo/issues/14464Exploit, Third Party Advisory
- https://github.com/matomo-org/matomo/issues/14464Exploit, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2019-12215?
How severe is CVE-2019-12215?
How do I fix CVE-2019-12215?
Are you affected by CVE-2019-12215?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST