{"id":"CVE-2020-23995","details":"An information disclosure vulnerability in ILIAS before 5.3.19, 5.4.12 and 6.0 allows remote authenticated attackers to get the upload data path via a workspace upload.","modified":"2026-04-10T04:24:52.210540Z","published":"2021-05-13T20:15:08.220Z","references":[{"type":"ADVISORY","url":"https://docu.ilias.de/goto_docu_pg_118817_35.html"},{"type":"ADVISORY","url":"https://docu.ilias.de/goto_docu_pg_122177_35.html"},{"type":"ADVISORY","url":"https://docu.ilias.de/goto_docu_pg_124761_35.html"},{"type":"FIX","url":"https://github.com/ILIAS-eLearning/ILIAS/commit/94d9b16010ec3abeae8d2cbb05622ccd999119ad"},{"type":"ARTICLE","url":"https://cwe.mitre.org/data/definitions/209.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/ilias-elearning/ilias","events":[{"introduced":"0"},{"fixed":"7e936b3e570354cf151c05d4b0bff4d41fcef347"},{"introduced":"d2e2132a27c1e8c8c2874ead01d44d71b5b55338"},{"fixed":"de06b1e2bcd115e52cd2310a4b282af1b80b04a7"},{"fixed":"94d9b16010ec3abeae8d2cbb05622ccd999119ad"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"5.3.19"},{"introduced":"5.4.0"},{"fixed":"5.4.12"}]}}],"versions":["v5.1.0beta2","v5.3.0beta1","v5.3.0beta3","v5.3.0beta4","v5.3.16","v5.3.17","v5.3.2","v5.3.4","v5.3.5","v5.3.9","v5.4.0-beta.1","v5.4.10","v5.4.11","v5.4.7"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-23995.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}]}