CVE-2020-19005 - Incorrect Authorization vulnerability in Zrlog 2.1.0

CVSS 5.7 - MEDIUM
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: LOW
Confidentiality impact: HIGH
Integrity impact: NONE
Availability impact: NONE

network, low complexity, zrlog, CWE-863

Summary

zrlog v2.1.0 has a vulnerability in its permission check. If an admin account is logged in, other unauthorized users can download the database backup file directly.

Vulnerable Configurations

Part | Description | Count
Application | Zrlog | 1

Common Weakness Enumeration (CWE)