{"id":"CVE-2017-8383","details":"Craft CMS before 2.6.2976 does not properly restrict viewing the contents of files in the craft/app/ folder.","aliases":["GHSA-7qq6-fgpw-xw45"],"modified":"2026-03-15T22:19:11.696481Z","published":"2017-05-01T06:59:00.220Z","references":[{"type":"ADVISORY","url":"https://craftcms.com/changelog#2-6-2976"},{"type":"ADVISORY","url":"https://twitter.com/CraftCMS/status/857743080224473088"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/craftcms/cms","events":[{"introduced":"0"},{"last_affected":"acc2834334804160e8da362c3e9d47c315e8f03e"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.6.2974"}]}}],"versions":["0.9.0-alpha.2229","0.9.0-alpha.2231","0.9.0-alpha.2232","0.9.2063","0.9.2064","0.9.2065","0.9.2068","0.9.2071","0.9.2078","0.9.2079","0.9.2080","0.9.2081","0.9.2083","0.9.2084","0.9.2090","0.9.2092","0.9.2094","0.9.2100","0.9.2101","0.9.2102","0.9.2103","0.9.2104","0.9.2106","0.9.2112","0.9.2114","0.9.2115","0.9.2116","0.9.2117","0.9.2123","0.9.2124","0.9.2127","0.9.2131","0.9.2133","0.9.2135","0.9.2136","0.9.2137","0.9.2146","0.9.2151","0.9.2157","0.9.2163","0.9.2164","0.9.2165","0.9.2167","0.9.2168","0.9.2177","0.9.2181","0.9.2184","0.9.2189","0.9.2193","0.9.2194","0.9.2199","0.9.2200","0.9.2201","0.9.2202","0.9.2204","0.9.2205","0.9.2211","0.9.2213","0.9.2214","0.9.2216","0.9.2218","0.9.2219","0.9.2222","0.9.2235","0.9.2240","0.9.2243","0.9.2246","0.9.2260","0.9.2262","1.0.0-alpha.2233","1.0.0-alpha.2234","1.0.0-alpha.2236","1.0.0-alpha.2237","1.0.0-alpha.2238","1.0.0-alpha.2241","1.0.0-alpha.2242","1.0.0-alpha.2244","1.0.0-alpha.2245","1.0.0-alpha.2247","1.0.0-alpha.2248","1.0.0-alpha.2249","1.0.2266","1.0.2267","1.0.2270","1.0.2273","1.0.2274","1.0.2275","1.0.2277","1.0.2278","1.0.2280","1.1.0-alpha.2282","1.1.0-alpha.2283","1.1.0-alpha.2284","1.1.0-alpha.2285","1.1.0-alpha.2288","1.1.2291","1.1.2293","1.1.2298","1.1.2300","1.1.2302","1.1.2304","1.1.2305","1.1.2313","1.1.2314","1.1.2321","1.2.0-alpha.2310","1.2.0-alpha.2312","1.2.0-alpha.2316","1.2.0-alpha.2318","1.2.0-alpha.2319","1.2.0-alpha.2322","1.2.0-alpha.2323","1.2.0-alpha.2324","1.2.0-alpha.2328","1.2.0-alpha.2329","1.2.0-alpha.2332","1.2.2333","1.2.2335","1.2.2336","1.2.2337","1.2.2339","1.2.2358","1.2.2363","1.2.2367","1.2.2371","1.2.2375","1.2.2387","1.2.2392","1.2.2396","1.2.2399","1.3.0-alpha.2361","1.3.0-alpha.2366","1.3.0-alpha.2372","1.3.0-alpha.2374","1.3.0-alpha.2377","1.3.0-alpha.2378","1.3.0-alpha.2380","1.3.0-alpha.2388","1.3.0-alpha.2394","1.3.0-alpha.2397","1.3.0-alpha.2401","1.3.0-alpha.2402","1.3.0-alpha.2405","1.3.0-alpha.2464","1.3.2409","1.3.2410","1.3.2415","1.3.2416","1.3.2418","1.3.2419","1.3.2420","1.3.2422","1.3.2456","1.3.2459","1.3.2461","1.3.2462","1.3.2465","1.3.2473","1.3.2485","1.3.2486","1.3.2487","1.3.2494","1.3.2496","1.3.2507","1.4.0-alpha.2469","1.4.0-alpha.2470","1.4.0-alpha.2471","1.4.0-alpha.2476","1.4.0-alpha.2478","1.4.0-alpha.2479","1.4.0-alpha.2482","1.4.0-alpha.2484","1.4.0-alpha.2488","1.4.0-alpha.2489","1.4.0-alpha.2490","1.4.0-alpha.2491","1.4.0-alpha.2492","1.4.0-alpha.2493","1.4.0-alpha.2495","1.4.0-alpha.2497","1.4.0-alpha.2498","1.4.0-alpha.2499","1.4.0-alpha.2500","1.4.0-alpha.2502","1.4.0-alpha.2503","1.4.0-alpha.2505","1.4.0-alpha.2506","1.4.0-alpha.2509","1.4.0-alpha.2512","1.4.0-alpha.2513","1.4.0-alpha.2519","1.4.0-alpha.2521","2.0.2524","2.0.2525","2.0.2527","2.0.2528","2.0.2532","2.0.2533","2.0.2535","2.0.2536","2.0.2537","2.0.2538","2.0.2539","2.0.2540","2.0.2541","2.0.2542","2.0.2543","2.0.2548","2.0.2549","2.0.2551","2.1.0-alpha.2546","2.1.0-alpha.2547","2.1.0-alpha.2552","2.1.2554","2.1.2555","2.1.2556","2.1.2557","2.1.2559","2.1.2561","2.1.2562","2.1.2563","2.1.2564","2.1.2566","2.1.2568","2.1.2569","2.1.2570","2.2.0-alpha.2572","2.2.0-alpha.2575","2.2.0-alpha.2578","2.2.2579","2.2.2581","2.2.2582","2.2.2586","2.2.2587","2.2.2588","2.2.2589","2.2.2590","2.2.2591","2.2.2592","2.2.2593","2.2.2596","2.2.2598","2.2.2601","2.2.2604","2.2.2607","2.3.0-alpha.2600","2.3.0-alpha.2602","2.3.0-alpha.2603","2.3.0-alpha.2605","2.3.0-alpha.2606","2.3.0-alpha.2608","2.3.0-alpha.2610","2.3.0-alpha.2612","2.3.0-alpha.2645","2.3.2615","2.3.2616","2.3.2617","2.3.2618","2.3.2620","2.3.2621","2.3.2623","2.3.2624","2.3.2625","2.3.2626","2.3.2627","2.3.2629","2.3.2632","2.3.2635","2.3.2636","2.3.2639","2.3.2640","2.3.2641","2.3.2642","2.3.2643","2.3.2644","2.4.2664","2.4.2666","2.4.2667","2.4.2668","2.4.2669","2.4.2670","2.4.2675","2.4.2677","2.4.2679","2.4.2682","2.4.2684","2.4.2688","2.4.2691","2.4.2692","2.4.2693","2.4.2695","2.4.2696","2.4.2697","2.4.2698","2.4.2699","2.4.2700","2.4.2701","2.4.2702","2.4.2723","2.4.2725","2.4.2726","2.5.0-beta.2713","2.5.0-beta.2715","2.5.0-beta.2716","2.5.0-beta.2717","2.5.0-beta.2720","2.5.0-beta.2722","2.5.0-beta.2724","2.5.0-beta.2727","2.5.0-beta.2740","2.5.2750","2.5.2752","2.5.2753","2.5.2754","2.5.2755","2.5.2757","2.5.2759","2.5.2760","2.5.2761","2.5.2762","2.5.2763","2.5.2765","2.5.2767","2.6.2771","2.6.2773","2.6.2774","2.6.2776","2.6.2778","2.6.2779","2.6.2780","2.6.2781","2.6.2783","2.6.2784","2.6.2785","2.6.2788","2.6.2789","2.6.2791","2.6.2793","2.6.2794","2.6.2795","2.6.2796","2.6.2797","2.6.2798","2.6.2804","2.6.2903","2.6.2911","2.6.2916","2.6.2922","2.6.2923","2.6.2929","2.6.2930","2.6.2931","2.6.2940","2.6.2944","2.6.2945","2.6.2949","2.6.2950","2.6.2951","2.6.2952","2.6.2953","2.6.2954","2.6.2955","2.6.2956","2.6.2957","2.6.2958","2.6.2959","2.6.2960","2.6.2961","2.6.2962","2.6.2963","2.6.2964","2.6.2965","2.6.2966","2.6.2967","2.6.2968","2.6.2969","2.6.2970","2.6.2971","2.6.2972","2.6.2973","2.6.2974"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-8383.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}]}