Vulnerabilities > CVE-2021-38712 - Exposure of Resource to Wrong Sphere vulnerability in Onenav 0.9.12

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

onenav

CWE-668

NVD

Published: 2021-08-16

Updated: 2021-08-24

Summary

OneNav 0.9.12 allows Information Disclosure of the onenav.db3 contents. NOTE: the vendor's recommended solution is to block the access via an NGINX configuration file.

Vulnerable Configurations

Part	Description	Count
Application	Onenav Onenav Onenav 0.9.12	1

Common Weakness Enumeration (CWE)

CWE-668 - Exposure of Resource to Wrong Sphere

References

https://github.com/helloxz/onenav/issues/25