CVE-2018-17060: Improper Access Control in Telerik Extensions

May 13, 2022 (updated June 29, 2022)

Telerik Extensions for ASP.NET MVC (all versions) does not allow list requests, which can allow a remote attacker to access files inside the server’s web directory. NOTE: this product has been obsolete since June 2013.

References

github.com/advisories/GHSA-8h7p-qjv8-9mp4
nvd.nist.gov/vuln/detail/CVE-2018-17060
www.telerik.com/support/code-library/security-alert-for-the-obsolete-telerik-extensions-for-asp-net-mvc

Code Behaviors & Features

Detect and mitigate CVE-2018-17060 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →