CVE-2019-8358 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2019-8358 Interim 1 16 2025-02-17T02:15:13Z current 2021-05-30T14:24:39Z 2025-02-17T02:15:13Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2019-8358 In Hiawatha before 10.8.4, a remote attacker is able to do directory traversal if AllowDotFiles is enabled. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/GRQA2OAAAZ2KWLGW64L6JGJYFSXJFXVL/#GRQA2OAAAZ2KWLGW64L6JGJYFSXJFXVL E-Mail link for openSUSE-SU-2019:0294-1 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/KK62HFIQDUPOHLYUOMKFMBKWFUFL3ZIQ/#KK62HFIQDUPOHLYUOMKFMBKWFUFL3ZIQ E-Mail link for openSUSE-SU-2019:0322-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Package Hub 15 openSUSE Leap 15.0 hiawatha-10.8.4-bp150.3.3.1 hiawatha-10.8.4-lp150.2.4.1 hiawatha-letsencrypt-10.8.4-bp150.3.3.1 hiawatha-letsencrypt-10.8.4-lp150.2.4.1 hiawatha-10.8.4-bp150.3.3.1 as a component of SUSE Package Hub 15 hiawatha-letsencrypt-10.8.4-bp150.3.3.1 as a component of SUSE Package Hub 15 hiawatha-10.8.4-lp150.2.4.1 as a component of openSUSE Leap 15.0 hiawatha-letsencrypt-10.8.4-lp150.2.4.1 as a component of openSUSE Leap 15.0 In Hiawatha before 10.8.4, a remote attacker is able to do directory traversal if AllowDotFiles is enabled. CVE-2019-8358 SUSE Package Hub 15:hiawatha-10.8.4-bp150.3.3.1 SUSE Package Hub 15:hiawatha-letsencrypt-10.8.4-bp150.3.3.1 openSUSE Leap 15.0:hiawatha-10.8.4-lp150.2.4.1 openSUSE Leap 15.0:hiawatha-letsencrypt-10.8.4-lp150.2.4.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P 8.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H