CVE-2018-14335

H2 Database 1.4.197 - Information Disclosure

H2 Database 1.4.197 - Information Disclosure - Python - RedHat

Vulnerability: Insecure handling of permissions in the backup function allows attackers to read sensitive files (outside of their permissions) via asymlink to a fake database file.

Score: CVSS v2.0: 4 // CVSS v3.x: 6.5

Shows on:

• HTB-Teacher

POC:

H2 Database 1.4.197 - Information DisclosureExploit Database

Resources:

CVE-2018-14335 · Issue #1294 · h2database/h2databaseGitHub

NVD - CVE-2018-14335

CVE - CVE-2018-14335