CVE-2019-5429

High

Untrusted search path in FileZilla before 3.41.0-rc1 allows an attacker to gain privileges via a malicious 'fzsftp' binary in the user's…

hackerone·CWE-426·Published 2019-04-29

CVSS

7.8

EPSS

0.02

KEV

Exploits

cve.orgen

152 chars

Untrusted search path in FileZilla before 3.41.0-rc1 allows an attacker to gain privileges via a malicious 'fzsftp' binary in the user's home directory.

NVDen

152 chars

Untrusted search path in FileZilla before 3.41.0-rc1 allows an attacker to gain privileges via a malicious 'fzsftp' binary in the user's home directory.

NVDes

205 chars

Una ruta de búsqueda no fiable en FileZilla, en las versiones anteriroes a 3.41.0-rc1, permite a un atacante obtener privilegios a través de un binario malicioso 'fzsftp' en el directorio raíz del usuario.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P
3.1	Primary	NVD	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H