CVE-2019-12215

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2019-12215
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-12215.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2019-12215
Published
2019-05-20T16:29:01.320Z
Modified
2025-11-14T09:06:51.647160Z
Severity
  • 4.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
[none]
Details

A full path disclosure vulnerability was discovered in Matomo v3.9.1 where a user can trigger a particular error to discover the full path of Matomo on the disk, because lastError.file is used in plugins/CorePluginsAdmin/templates/safemode.twig. NOTE: the vendor disputes the significance of this issue, stating "avoid reporting path disclosures, as we don't consider them as security vulnerabilities.

Database specific 
{
    "isDisputed": true
}
References

Affected packages

Git / github.com/matomo-org/matomo

Affected ranges

Type
GIT
Repo
https://github.com/matomo-org/matomo
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
bb5abcf7d75d606984137e8b5dc9933f072a1ede

Affected versions

1.*

1.10
1.10.1
1.11
1.11-b1
1.11-b2
1.11-b3
1.11-b4
1.11-b5
1.11-b6
1.11.1
1.12
1.12-b1
1.12-b10
1.12-b11
1.12-b12
1.12-b13
1.12-b14
1.12-b15
1.12-b16
1.12-b17
1.12-b18
1.12-b19
1.12-b2
1.12-b20
1.12-b21
1.12-b22
1.12-b3
1.12-b4
1.12-b5
1.12-b6
1.12-b7
1.12-b9
1.12-rc1
1.6
1.7
1.7.1
1.8
1.8.1
1.8.2
1.8.3
1.8.4
1.9.1
1.9.2

2.*

2.0
2.0-a1
2.0-a10
2.0-a11
2.0-a13
2.0-a14
2.0-a2
2.0-a3
2.0-a4
2.0-a5
2.0-a6
2.0-a8
2.0-a9
2.0-b1
2.0-b10
2.0-b11
2.0-b12
2.0-b2
2.0-b3
2.0-b4
2.0-b5
2.0-b6
2.0-b7
2.0-b8
2.0-b9
2.0-rc1
2.0-rc2
2.0.1
2.0.1-rc1
2.0.1-rc2
2.0.2
2.0.3
2.0.3-b1
2.0.3-b2
2.0.3-b3
2.0.3-b4
2.0.3-b5
2.0.3-b6
2.0.3-b7
2.0.3-rc1
2.0.4-b1
2.0.4-b10
2.0.4-b11
2.0.4-b12
2.0.4-b2
2.0.4-b3
2.0.4-b4
2.0.4-b5
2.0.4-b6
2.0.4-b7
2.0.4-b8
2.0.4-b9
2.1-rc1
2.1-rc2
2.1-rc3
2.1-rc4
2.1-rc6
2.1-rc7
2.1-rc8
2.1.1-b1
2.1.1-b10
2.1.1-b12
2.1.1-b2
2.1.1-b3
2.1.1-b4
2.1.1-b6
2.1.1-b7
2.1.1-b8
2.1.1-b9
2.10.0
2.10.0-b1
2.10.0-b10
2.10.0-b11
2.10.0-b2
2.10.0-b3
2.10.0-b4
2.10.0-b5
2.10.0-b6
2.10.0-b7
2.10.0-b8
2.10.0-b9
2.10.0-rc1
2.10.0-rc2
2.10.0-rc3
2.10.0-rc4
2.11.0
2.11.0-b2
2.11.0-b3
2.11.0-b4
2.11.0-b5
2.11.0-b6
2.11.0-b7
2.11.0-rc1
2.11.1
2.11.1-b1
2.11.1-b2
2.11.1-b3
2.11.1-rc1
2.11.2
2.11.2-b1
2.11.2-b2
2.11.2-b3
2.11.2-rc1
2.12.0
2.12.0-b1
2.12.0-b2
2.12.0-b3
2.12.0-b4
2.12.0-b5
2.12.0-b6
2.12.0-b7
2.12.0-b8
2.12.0-rc1
2.12.0-rc2
2.12.0-rc3
2.12.1
2.12.1-b1
2.12.1-rc1
2.13.0
2.13.0-b1
2.13.0-b2
2.13.0-b3
2.13.0-rc1
2.13.0-rc2
2.13.0-rc3
2.13.1
2.14.0
2.14.0-b1
2.14.0-b10
2.14.0-b2
2.14.0-b3
2.14.0-b4
2.14.0-b5
2.14.0-b6
2.14.0-b7
2.14.0-b8
2.14.0-b9
2.14.0-rc1
2.14.0-rc2
2.14.0-rc3
2.14.0-rc4
2.14.1
2.14.1-b1
2.14.1-b2
2.14.1-rc1
2.14.2
2.14.2-b1
2.14.3
2.14.3-b1
2.15.0
2.15.0-b1
2.15.0-b10
2.15.0-b11
2.15.0-b12
2.15.0-b13
2.15.0-b14
2.15.0-b15
2.15.0-b16
2.15.0-b17
2.15.0-b18
2.15.0-b19
2.15.0-b2
2.15.0-b20
2.15.0-b3
2.15.0-b4
2.15.0-b5
2.15.0-b6
2.15.0-b7
2.15.0-b8
2.15.0-b9
2.15.0-rc1
2.15.0-rc2
2.15.0-rc3
2.15.0-rc4
2.15.0-rc5
2.15.1-b1
2.15.1-b10
2.15.1-b11
2.15.1-b2
2.15.1-b3
2.15.1-b4
2.15.1-b5
2.15.1-b6
2.15.1-b7
2.15.1-b8
2.15.1-b9
2.16.0
2.16.0-b1
2.16.0-b2
2.16.0-b3
2.16.0-b4
2.16.0-b5
2.16.0-b6
2.16.0-rc1
2.16.0-rc2
2.16.0-rc3
2.16.0-rc4
2.16.1
2.16.1-b1
2.16.1-b2
2.16.1-b3
2.16.1-rc1
2.16.1-rc2
2.16.2
2.16.2-b1
2.16.2-b2
2.16.2-b3
2.16.2-b4
2.16.2-b5
2.16.2-b6
2.16.2-rc1
2.16.2-rc2
2.16.3
2.16.3-b2
2.16.3-b3
2.16.3-b4
2.16.3-rc1
2.16.3-rc2
2.16.3-rc3
2.2.0
2.2.0-b13
2.2.0-b14
2.2.0-b15
2.2.0-b16
2.2.0-b17
2.2.0-b18
2.2.0-rc1
2.2.0-rc2
2.2.0-rc3
2.2.0-rc4
2.2.1
2.2.1-b1
2.2.1-b2
2.2.1-b3
2.2.1-b4
2.2.1-rc1
2.2.1-rc2
2.2.1-rc3
2.2.2
2.2.2-b1
2.2.3-b1
2.2.3-b2
2.2.3-b4
2.2.3-b6
2.2.3-b7
2.3.0
2.3.0-rc1
2.3.0-rc2
2.3.0-rc3
2.3.0-rc4
2.4.0
2.4.0-b2
2.4.0-b3
2.4.0-b4
2.4.0-b5
2.4.0-b6
2.4.0-b7
2.4.0-b8
2.4.0-rc1
2.4.1
2.4.1-rc1
2.5.0
2.5.0-b1
2.5.0-b2
2.5.0-b3
2.5.0-rc1
2.5.0-rc2
2.5.0-rc3
2.5.0-rc4
2.5.1-b1
2.6.0
2.6.0-b1
2.6.0-rc1
2.6.0-rc2
2.6.0-rc3
2.6.0-rc4
2.6.1
2.6.1-b1
2.7.0
2.7.0-b1
2.7.0-b3
2.7.0-b4
2.7.0-rc1
2.7.0-rc2
2.8.0
2.8.0-b1
2.8.0-b2
2.8.0-b3
2.8.0-rc1
2.8.0-rc2
2.8.1
2.8.1-b1
2.8.1-b2
2.8.1-rc1
2.8.2
2.8.3
2.9.0
2.9.0-b1
2.9.0-b2
2.9.0-b3
2.9.0-b4
2.9.0-b5
2.9.0-b6
2.9.0-b7
2.9.0-b8
2.9.0-b9
2.9.0-rc1
2.9.0-rc2
2.9.1
2.9.1-b1
2.9.1-b2

3.*

3.0.0
3.0.0-b1
3.0.0-b2
3.0.0-b3
3.0.0-b4
3.0.0-b5
3.0.0-rc1
3.0.0-rc2
3.0.0-rc3
3.0.0-rc4
3.0.1
3.0.1-b1
3.0.1-b2
3.0.1-b3
3.0.2
3.0.2-b1
3.0.2-b2
3.0.2-b3
3.0.2-b4
3.0.2-b5
3.0.2-b6
3.0.2-rc1
3.0.3
3.0.3-b1
3.0.3-b2
3.0.3-rc1
3.0.4
3.0.4-b1
3.0.4-b2
3.0.4-b3
3.0.4-rc1
3.0.4-rc2
3.0.5-b1
3.0.5-b2
3.1.0
3.1.0-rc1
3.1.1
3.1.1-b1
3.1.1-b2
3.1.1-b3
3.1.2-b1
3.1.2-b2
3.2.0
3.2.0-b3
3.2.0-b4
3.2.0-rc1
3.2.0-rc2
3.2.1
3.2.1-b1
3.2.1-b2
3.2.1-b3
3.2.1-rc1
3.3.0
3.3.0-b1
3.3.0-b2
3.3.0-rc1
3.3.0-rc2
3.3.0-rc3
3.3.1-b1
3.3.1-b2
3.3.1-b3
3.3.1-b4
3.4.0
3.4.0-rc1
3.4.0-rc2
3.5.0
3.5.0-b1
3.5.0-b2
3.5.0-b3
3.5.0-rc1
3.5.1
3.5.1-b2
3.6.0
3.6.0-b1
3.6.0-b3
3.6.0-b4
3.6.0-b5
3.6.0-rc1
3.6.0-rc2
3.6.1
3.6.1-b1
3.6.1-b2
3.6.1-b3
3.6.1-rc1
3.7.0
3.7.0-rc1
3.7.0-rc2
3.7.0-rc3
3.8.0
3.8.0-b1
3.8.0-b2
3.8.0-b4
3.8.0-b5
3.8.0-rc1
3.8.0-rc2
3.8.0-rc3
3.8.1
3.8.1-b1
3.8.1-rc1
3.9.0
3.9.0-b1
3.9.0-b2
3.9.0-b3
3.9.0-rc1
3.9.0-rc2
3.9.1
3.9.1-rc1