Urbackup: Security Vulnerabilities
UrBackup Server 2.5.31 allows brute-force enumeration of user accounts because a failure message confirms that a username is not valid.
CVSS Score
5.3
EPSS Score
0.006
Published
2023-11-07
In UrBackup 2.2.6, an attacker can send a malformed request to the client over the network, and trigger a fileservplugin/CClientThread.cpp CClientThread::ProcessPacket metadata_id!=0 assertion, leading to shutting down the client application.
CVSS Score
7.5
EPSS Score
0.014
Published
2019-06-18
In UrBackup 2.2.6, an attacker can send a malformed request to the client over the network, and trigger a fileservplugin/CClientThread.cpp CClientThread::GetFileHashAndMetadata NULL pointer dereference, leading to shutting down the client application.
CVSS Score
7.5
EPSS Score
0.014
Published
2019-06-07
Cross - site scripting (XSS) vulnerability in UrBackup Server before 2.1.20 allows remote attackers to inject arbitrary web script or HTML via the action parameter.
CVSS Score
6.1
EPSS Score
0.008
Published
2017-12-17