Vulnerabilities > CVE-2021-33359 - Files or Directories Accessible to External Parties vulnerability in Sensepost Gowitness

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

sensepost

CWE-552

NVD

Published: 2021-06-09

Updated: 2021-06-17

Summary

A vulnerability exists in gowitness < 2.3.6 that allows an unauthenticated attacker to perform an arbitrary file read using the file:// scheme in the url parameter to get an image of any file.

Vulnerable Configurations

Part	Description	Count
Application	Sensepost Sensepost Gowitness - Sensepost Gowitness 1.0.0 Sensepost Gowitness 1.0.1 Sensepost Gowitness 1.0.2 Sensepost Gowitness 1.0.3 Sensepost Gowitness 1.0.4 Sensepost Gowitness 1.0.5 Sensepost Gowitness 1.0.6 Sensepost Gowitness 1.0.7 Sensepost Gowitness 1.0.8 Sensepost Gowitness 1.1.0 Sensepost Gowitness 1.2.0 Sensepost Gowitness 1.2.1 Sensepost Gowitness 1.3.0 Sensepost Gowitness 1.3.1 Sensepost Gowitness 1.3.2 Sensepost Gowitness 1.3.3 Sensepost Gowitness 1.3.4 Sensepost Gowitness 2.0.0 Sensepost Gowitness 2.1.0 Sensepost Gowitness 2.1.1 Sensepost Gowitness 2.1.2 Sensepost Gowitness 2.2.0 Sensepost Gowitness 2.2.1 Sensepost Gowitness 2.3.0 Sensepost Gowitness 2.3.1 Sensepost Gowitness 2.3.2 Sensepost Gowitness 2.3.3 Sensepost Gowitness 2.3.4 Sensepost Gowitness 2.3.5	30

Common Weakness Enumeration (CWE)

CWE-552 - Files or Directories Accessible to External Parties

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References