SB2020100403 - Path traversal in Wiki.js




Published: October 4, 2020 Updated: April 28, 2026

Security Bulletin ID SB2020100403
CSH Severity Low
Patch available YES
Number of vulnerabilities 1
Exploitation vector Remote access
Highest impact Information disclosure

Breakdown by Severity

Low 100%

Description

This security bulletin contains information about 1 vulnerability.


1) Path traversal (CVE-ID: CVE-2020-15236)

The vulnerability allows a remote user to disclose sensitive information.

The vulnerability exists due to path traversal in asset handling when a storage module that implements a local asset cache processes a specially crafted URL. A remote user can craft a special URL to read arbitrary files on the file system and disclose sensitive information.

Exploitation is only possible when a storage module implementing a local asset cache is enabled, such as Local File System or Git, and when malicious URLs are not stripped before reaching the application.


Remediation

Install the update from the vendor's website.