Mutiny < 5.0-1.11 Multiple Directory Traversals
High Nessus Plugin ID 66497
SynopsisThe remote host contains a network monitoring application that is affected by multiple directory traversal vulnerabilities.
DescriptionThe remote server hosts a version of Mutiny prior to 5.0-1.11. It is, therefore, reportedly affected by multiple directory traversal vulnerabilities that could allow an authenticated attacker to upload, delete, and move files on the remote system with root privileges. The functions for UPLOAD, DELETE, CUT, and COPY used in the 'Documents' section of the web frontend of Mutiny are affected.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
SolutionUpgrade to version 5.0-1.11 or later.