Directory traversal in the log-download REST API endpoint in ProLion CryptoSpike 3.0.15P2 allows remote authenticated malicious users to download host server SSH private keys (associated with a Linux root user) by injecting paths inside REST API endpoint parameters.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
prolion cryptospike 3.0.15 |