{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T15:24:06.558","vulnerabilities":[{"cve":{"id":"CVE-2020-15097","sourceIdentifier":"security-advisories@github.com","published":"2021-02-02T18:15:11.420","lastModified":"2024-11-21T05:04:48.143","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"loklak is an open-source server application which is able to collect messages from various sources, including twitter. The server contains a search index and a peer-to-peer index sharing interface. All messages are stored in an elasticsearch index. In loklak less than or equal to commit 5f48476, a path traversal vulnerability exists. Insufficient input validation in the APIs exposed by the loklak server allowed a directory traversal vulnerability. Any admin configuration and files readable by the app available on the hosted file system can be retrieved by the attacker. Furthermore, user-controlled content could be written to any admin config and files readable by the application. This has been patched in commit 50dd692. \nUsers will need to upgrade their hosted instances of loklak to not be vulnerable to this exploit."},{"lang":"es","value":"loklak es una aplicación de servidor de código abierto que puede recopilar mensajes de varias fuentes, incluyendo Twitter. El servidor contiene un índice de búsqueda y una interfaz de intercambio de índices de igual a igual. Todos los mensajes son almacenados en un índice elasticsearch. En loklak menor o igual al commit 5f48476, se presenta una vulnerabilidad de salto de ruta. Una comprobación insuficiente de la entrada en las API expuestas por el servidor de loklak permitió una vulnerabilidad de salto de directorio. Cualquier configuración del administrador y los archivos legibles por la aplicación disponibles en el sistema de archivos alojados pueden ser recuperados por el atacante. Además, el contenido controlado por el usuario podría escribirse en cualquier configuración de administrador y archivos legibles por la aplicación. Esto ha sido parcheado en el commit 50dd692. Los usuarios deberán actualizar sus instancias alojadas de loklak para no ser vulnerables a esta explotación"}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:N","baseScore":6.4,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:loklak_project:loklak:*:*:*:*:*:*:*:*","versionEndIncluding":"2020-01-22","matchCriteriaId":"80F8E47F-4BA9-44F2-9E37-1DCF5C87E690"}]}]}],"references":[{"url":"https://github.com/loklak/loklak_server/commit/50dd69230d3cd71dab0bfa7156682ffeca8ed8b9","source":"security-advisories@github.com","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/loklak/loklak_server/security/advisories/GHSA-7557-4v29-rqw6","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"https://github.com/loklak/loklak_server/commit/50dd69230d3cd71dab0bfa7156682ffeca8ed8b9","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/loklak/loklak_server/security/advisories/GHSA-7557-4v29-rqw6","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}