CWE-36
AllowedAbsolute Path Traversal
Abstraction: Base · Status: Draft
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize absolute path sequences such as "/abs/path" that can resolve to a location that is outside of that directory.
245 vulnerabilities reference this CWE, most recent first.
CVE-2023-36786 (GCVE-0-2023-36786)
Vulnerability from cvelistv5 – Published: 2023-10-10 17:08 – Updated: 2025-04-14 22:45- CWE-36 - Absolute Path Traversal
| URL | Tags |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | vendor-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Skype for Business Server 2015 CU13 |
Affected:
9319.0 , < 6.0.9319.869
(custom)
|
|
| Microsoft | Skype for Business Server 2019 CU7 |
Affected:
2046.0 , < 7.0.246.530
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-36786",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-11T18:11:55.639582Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-11T18:12:20.273Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:01:09.532Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Skype for Business Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36786"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": "Skype for Business Server 2015 CU13",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.0.9319.869",
"status": "affected",
"version": "9319.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Skype for Business Server 2019 CU7",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "7.0.246.530",
"status": "affected",
"version": "2046.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:skype_for_business_server:*:cu13:*:*:*:*:*:*",
"versionEndExcluding": "6.0.9319.869",
"versionStartIncluding": "9319.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:skype_for_business_server:*:cu7:*:*:*:*:*:*",
"versionEndExcluding": "7.0.246.530",
"versionStartIncluding": "2046.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2023-10-10T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Skype for Business Remote Code Execution Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-36",
"description": "CWE-36: Absolute Path Traversal",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-14T22:45:49.379Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Skype for Business Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36786"
}
],
"title": "Skype for Business Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2023-36786",
"datePublished": "2023-10-10T17:08:10.444Z",
"dateReserved": "2023-06-27T15:11:59.871Z",
"dateUpdated": "2025-04-14T22:45:49.379Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-34135 (GCVE-0-2023-34135)
Vulnerability from cvelistv5 – Published: 2023-07-13 02:37 – Updated: 2024-10-30 18:52- CWE-36 - Absolute Path Traversal
| URL | Tags |
|---|---|
| https://psirt.global.sonicwall.com/vuln-detail/SN… | vendor-advisory |
| https://www.sonicwall.com/support/notices/2307101… | related |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:01:54.176Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0010"
},
{
"tags": [
"related",
"x_transferred"
],
"url": "https://www.sonicwall.com/support/notices/230710150218060"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-34135",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-30T18:51:59.978476Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-30T18:52:08.987Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "GMS",
"vendor": "SonicWall",
"versions": [
{
"status": "affected",
"version": "9.3.2-SP1 and earlier versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "Analytics",
"vendor": "SonicWall",
"versions": [
{
"status": "affected",
"version": "2.5.0.4-R7 and earlier versions"
}
]
}
],
"datePublic": "2023-07-13T02:40:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Path Traversal vulnerability in SonicWall GMS and Analytics allows a remote authenticated attacker to read arbitrary files from the underlying file system via web service. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.\u003cp\u003e\u003c/p\u003e"
}
],
"value": "Path Traversal vulnerability in SonicWall GMS and Analytics allows a remote authenticated attacker to read arbitrary files from the underlying file system via web service. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.\n\n"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-36",
"description": "CWE-36 Absolute Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-13T02:37:59.279Z",
"orgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
"shortName": "sonicwall"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0010"
},
{
"tags": [
"related"
],
"url": "https://www.sonicwall.com/support/notices/230710150218060"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
"assignerShortName": "sonicwall",
"cveId": "CVE-2023-34135",
"datePublished": "2023-07-13T02:37:59.279Z",
"dateReserved": "2023-05-25T22:45:46.852Z",
"dateUpdated": "2024-10-30T18:52:08.987Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-32054 (GCVE-0-2023-32054)
Vulnerability from cvelistv5 – Published: 2023-07-11 17:03 – Updated: 2025-01-01 01:52- CWE-36 - Absolute Path Traversal
| URL | Tags |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | vendor-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Windows 10 Version 1809 |
Affected:
10.0.17763.0 , < 10.0.17763.4645
(custom)
|
|
| Microsoft | Windows 10 Version 1809 |
Affected:
10.0.0 , < 10.0.17763.4645
(custom)
|
|
| Microsoft | Windows Server 2019 |
Affected:
10.0.17763.0 , < 10.0.17763.4645
(custom)
|
|
| Microsoft | Windows Server 2019 (Server Core installation) |
Affected:
10.0.17763.0 , < 10.0.17763.4645
(custom)
|
|
| Microsoft | Windows Server 2022 |
Affected:
10.0.20348.0 , < 10.0.20348.1850
(custom)
|
|
| Microsoft | Windows 11 version 21H2 |
Affected:
10.0.0 , < 10.0.22000.2176
(custom)
|
|
| Microsoft | Windows 10 Version 21H2 |
Affected:
10.0.19043.0 , < 10.0.19044.3208
(custom)
|
|
| Microsoft | Windows 11 version 22H2 |
Affected:
10.0.22621.0 , < 10.0.22621.1992
(custom)
|
|
| Microsoft | Windows 10 Version 22H2 |
Affected:
10.0.19045.0 , < 10.0.19045.3208
(custom)
|
|
| Microsoft | Windows 10 Version 1507 |
Affected:
10.0.10240.0 , < 10.0.10240.20048
(custom)
|
|
| Microsoft | Windows 10 Version 1607 |
Affected:
10.0.14393.0 , < 10.0.14393.6085
(custom)
|
|
| Microsoft | Windows Server 2016 |
Affected:
10.0.14393.0 , < 10.0.14393.6085
(custom)
|
|
| Microsoft | Windows Server 2016 (Server Core installation) |
Affected:
10.0.14393.0 , < 10.0.14393.6085
(custom)
|
|
| Microsoft | Windows Server 2008 R2 Service Pack 1 |
Affected:
6.1.7601.0 , < 6.1.7601.26623
(custom)
|
|
| Microsoft | Windows Server 2008 R2 Service Pack 1 (Server Core installation) |
Affected:
6.1.7601.0 , < 6.1.7601.26623
(custom)
|
|
| Microsoft | Windows Server 2012 |
Affected:
6.2.9200.0 , < 6.2.9200.24374
(custom)
|
|
| Microsoft | Windows Server 2012 (Server Core installation) |
Affected:
6.2.9200.0 , < 6.2.9200.24374
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-32054",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-30T18:27:36.327807Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:26:22.732Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:03:28.801Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Volume Shadow Copy Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32054"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 1809",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.4645",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems"
],
"product": "Windows 10 Version 1809",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.4645",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.4645",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.4645",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2022",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.20348.1850",
"status": "affected",
"version": "10.0.20348.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems",
"ARM64-based Systems"
],
"product": "Windows 11 version 21H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.22000.2176",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 21H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.19044.3208",
"status": "affected",
"version": "10.0.19043.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 11 version 22H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.22621.1992",
"status": "affected",
"version": "10.0.22621.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems",
"ARM64-based Systems",
"32-bit Systems"
],
"product": "Windows 10 Version 22H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.19045.3208",
"status": "affected",
"version": "10.0.19045.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 1507",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.10240.20048",
"status": "affected",
"version": "10.0.10240.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 1607",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.6085",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2016",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.6085",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2016 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.6085",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2008 R2 Service Pack 1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.1.7601.26623",
"status": "affected",
"version": "6.1.7601.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2008 R2 Service Pack 1 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.1.7601.26623",
"status": "affected",
"version": "6.1.7601.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.2.9200.24374",
"status": "affected",
"version": "6.2.9200.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.2.9200.24374",
"status": "affected",
"version": "6.2.9200.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.17763.4645",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.17763.4645",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.4645",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.4645",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.20348.1850",
"versionStartIncluding": "10.0.20348.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21H2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.22000.2176",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21H2:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.19044.3208",
"versionStartIncluding": "10.0.19043.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.22621.1992",
"versionStartIncluding": "10.0.22621.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22H2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.19045.3208",
"versionStartIncluding": "10.0.19045.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.10240.20048",
"versionStartIncluding": "10.0.10240.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.14393.6085",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.6085",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.6085",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008_R2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.1.7601.26623",
"versionStartIncluding": "6.1.7601.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008_R2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.1.7601.26623",
"versionStartIncluding": "6.1.7601.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.2.9200.24374",
"versionStartIncluding": "6.2.9200.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.2.9200.24374",
"versionStartIncluding": "6.2.9200.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2023-07-11T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Volume Shadow Copy Elevation of Privilege Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-36",
"description": "CWE-36: Absolute Path Traversal",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-01T01:52:50.761Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Volume Shadow Copy Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32054"
}
],
"title": "Volume Shadow Copy Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2023-32054",
"datePublished": "2023-07-11T17:03:15.430Z",
"dateReserved": "2023-05-01T15:34:52.139Z",
"dateUpdated": "2025-01-01T01:52:50.761Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-30970 (GCVE-0-2023-30970)
Vulnerability from cvelistv5 – Published: 2024-01-29 18:27 – Updated: 2025-05-29 15:08- CWE-36 - The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize absolute path sequences such as "/abs/path" that can resolve to a location that is outside of that directory.
| Vendor | Product | Version | |
|---|---|---|---|
| Palantir | com.palantir.gotham:blackbird-witchcraft |
Affected:
* , < 104.30231002.10
(semver)
Affected: * , < 104.30231001.8 (semver) Affected: * , < 104.30230807.59 (semver) Affected: * , < 104.30230908.21 (semver) Affected: * , < 103.30230304.433 (semver) Affected: * , < 104.30230604.81 (semver) Affected: * , < 104.30231003.9 (semver) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:45:24.413Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://palantir.safebase.us/?tcuUid=69be99ef-ad24-4339-9017-c8bf70789c72"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-30970",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T15:50:41.629289Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-29T15:08:34.104Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "com.palantir.gotham:blackbird-witchcraft",
"vendor": "Palantir",
"versions": [
{
"lessThan": "104.30231002.10",
"status": "affected",
"version": "*",
"versionType": "semver"
},
{
"lessThan": "104.30231001.8",
"status": "affected",
"version": "*",
"versionType": "semver"
},
{
"lessThan": "104.30230807.59",
"status": "affected",
"version": "*",
"versionType": "semver"
},
{
"lessThan": "104.30230908.21",
"status": "affected",
"version": "*",
"versionType": "semver"
},
{
"lessThan": "103.30230304.433",
"status": "affected",
"version": "*",
"versionType": "semver"
},
{
"lessThan": "104.30230604.81",
"status": "affected",
"version": "*",
"versionType": "semver"
},
{
"lessThan": "104.30231003.9",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Gotham Table service and Forward App were found to be vulnerable to a Path traversal issue allowing an authenticated user to read arbitrary files on the file system.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-597",
"descriptions": [
{
"lang": "en",
"value": "An adversary with access to file system resources, either directly or via application logic, will use various file absolute paths and navigation mechanisms such as \"..\" to extend their range of access to inappropriate areas of the file system. The goal of the adversary is to access directories and files that are intended to be restricted from their access."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-36",
"description": "The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize absolute path sequences such as \"/abs/path\" that can resolve to a location that is outside of that directory.",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-29T18:27:26.850Z",
"orgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"shortName": "Palantir"
},
"references": [
{
"url": "https://palantir.safebase.us/?tcuUid=69be99ef-ad24-4339-9017-c8bf70789c72"
}
],
"source": {
"defect": [
"PLTRSEC-2023-37"
],
"discovery": "INTERNAL"
},
"title": "Gotham table and Forward App Path traversal"
}
},
"cveMetadata": {
"assignerOrgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"assignerShortName": "Palantir",
"cveId": "CVE-2023-30970",
"datePublished": "2024-01-29T18:27:26.850Z",
"dateReserved": "2023-04-21T11:42:33.501Z",
"dateUpdated": "2025-05-29T15:08:34.104Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5390 (GCVE-0-2023-5390)
Vulnerability from cvelistv5 – Published: 2024-01-31 17:46 – Updated: 2025-05-29 15:03| Vendor | Product | Version | |
|---|---|---|---|
| Honeywell | ControlEdge UOC |
Affected:
520.2 , ≤ 520.2 TCU4
(semver)
Affected: 510.1 , ≤ 510.2 HF13 (semver) Affected: 520.1 , ≤ 520.1 TCU4 (semver) Affected: 511.1 , ≤ 511.5 TCU4 HF3 (semver) |
|
| Honeywell | ControlEdge UOC |
Affected:
520.2 , ≤ 520.2 TCU4
(semver)
Affected: 511.1 , ≤ 511.5 TCU4 HF3 (semver) Affected: 520.1 , ≤ 520.1 TCU4 (semver) |
|
| Honeywell | ControlEdge UOC |
Affected:
520.2 , ≤ 520.2 TCU4
(semver)
Affected: 520.1 , ≤ 520.1 TCU4 (semver) Affected: 520.2 TCU4 HFR2 , ≤ 511.5 TCU4 HF3 (semver) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:59:44.316Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://process.honeywell.com"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.honeywell.com/us/en/product-security"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5390",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T15:42:27.845224Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-29T15:03:38.086Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Experion PKS"
],
"product": "ControlEdge UOC",
"vendor": "Honeywell",
"versions": [
{
"changes": [
{
"at": "520.2 TCU4 HF1",
"status": "unaffected"
}
],
"lessThanOrEqual": "520.2 TCU4",
"status": "affected",
"version": "520.2",
"versionType": "semver"
},
{
"changes": [
{
"at": "510.2 HF14",
"status": "unaffected"
}
],
"lessThanOrEqual": "510.2 HF13",
"status": "affected",
"version": "510.1",
"versionType": "semver"
},
{
"changes": [
{
"at": "520.1 TCU5",
"status": "unaffected"
}
],
"lessThanOrEqual": "520.1 TCU4",
"status": "affected",
"version": "520.1",
"versionType": "semver"
},
{
"changes": [
{
"at": "511.5 TCU4 HF4",
"status": "unaffected"
}
],
"lessThanOrEqual": "511.5 TCU4 HF3",
"status": "affected",
"version": "511.1",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Experion LX"
],
"product": "ControlEdge UOC",
"vendor": "Honeywell",
"versions": [
{
"changes": [
{
"at": "520.2 TCU4 HF2",
"status": "unaffected"
}
],
"lessThanOrEqual": "520.2 TCU4",
"status": "affected",
"version": "520.2",
"versionType": "semver"
},
{
"changes": [
{
"at": "511.5 TCU4 HF4",
"status": "unaffected"
}
],
"lessThanOrEqual": "511.5 TCU4 HF3",
"status": "affected",
"version": "511.1",
"versionType": "semver"
},
{
"changes": [
{
"at": "520.1 TCU5",
"status": "unaffected"
}
],
"lessThanOrEqual": "520.1 TCU4",
"status": "affected",
"version": "520.1",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"PlantCruise by Experion"
],
"product": "ControlEdge UOC",
"vendor": "Honeywell",
"versions": [
{
"changes": [
{
"at": "520.2 TCU4 HF2",
"status": "unaffected"
}
],
"lessThanOrEqual": "520.2 TCU4",
"status": "affected",
"version": "520.2",
"versionType": "semver"
},
{
"changes": [
{
"at": "520.1 TCU5",
"status": "unaffected"
}
],
"lessThanOrEqual": "520.1 TCU4",
"status": "affected",
"version": "520.1",
"versionType": "semver"
},
{
"changes": [
{
"at": "511.5 TCU4 HF4",
"status": "unaffected"
}
],
"lessThanOrEqual": "511.5 TCU4 HF3",
"status": "affected",
"version": "520.2 TCU4 HFR2",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An attacker could potentially exploit this vulnerability, leading to files being read from the Honeywell Experion ControlEdge VirtualUOC and ControlEdge UOC. This exploit could be used to read files from the controller that may expose limited information from the device. Honeywell recommends updating to the most recent version of the product.\u0026nbsp;See Honeywell Security Notification for recommendations on upgrading and versioning.\n\n\u003cbr\u003e"
}
],
"value": "An attacker could potentially exploit this vulnerability, leading to files being read from the Honeywell Experion ControlEdge VirtualUOC and ControlEdge UOC. This exploit could be used to read files from the controller that may expose limited information from the device. Honeywell recommends updating to the most recent version of the product.\u00a0See Honeywell Security Notification for recommendations on upgrading and versioning."
}
],
"impacts": [
{
"capecId": "CAPEC-126",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-126"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-36",
"description": "CWE-36",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-09T19:56:46.965Z",
"orgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
"shortName": "Honeywell"
},
"references": [
{
"url": "https://process.honeywell.com"
},
{
"url": "https://www.honeywell.com/us/en/product-security"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
"assignerShortName": "Honeywell",
"cveId": "CVE-2023-5390",
"datePublished": "2024-01-31T17:46:39.809Z",
"dateReserved": "2023-10-04T17:50:05.792Z",
"dateUpdated": "2025-05-29T15:03:38.086Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5115 (GCVE-0-2023-5115)
Vulnerability from cvelistv5 – Published: 2023-12-18 13:43 – Updated: 2025-11-20 17:29- CWE-36 - Absolute Path Traversal
| URL | Tags |
|---|---|
| https://access.redhat.com/errata/RHSA-2023:5701 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2023:5758 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/security/cve/CVE-2023-5115 | vdb-entryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2233810 | issue-trackingx_refsource_REDHAT |
| https://lists.debian.org/debian-lts-announce/2023… | x_transferred |
| Vendor | Product | Version | |
|---|---|---|---|
| Red Hat | Red Hat Ansible Automation Platform 2.3 for RHEL 8 |
Unaffected:
0:2.14.11-1.el8ap , < *
(rpm)
cpe:/a:redhat:ansible_automation_platform_developer:2.3::el9 cpe:/a:redhat:ansible_automation_platform:2.3::el9 cpe:/a:redhat:ansible_automation_platform_developer:2.3::el8 cpe:/a:redhat:ansible_automation_platform:2.3::el8 cpe:/a:redhat:ansible_automation_platform_inside:2.3::el8 cpe:/a:redhat:ansible_automation_platform_inside:2.3::el9 |
|
| Red Hat | Red Hat Ansible Automation Platform 2.3 for RHEL 9 |
Unaffected:
0:2.14.11-1.el9ap , < *
(rpm)
cpe:/a:redhat:ansible_automation_platform_developer:2.3::el9 cpe:/a:redhat:ansible_automation_platform:2.3::el9 cpe:/a:redhat:ansible_automation_platform_developer:2.3::el8 cpe:/a:redhat:ansible_automation_platform:2.3::el8 cpe:/a:redhat:ansible_automation_platform_inside:2.3::el8 cpe:/a:redhat:ansible_automation_platform_inside:2.3::el9 |
|
| Red Hat | Red Hat Ansible Automation Platform 2.4 for RHEL 8 |
Unaffected:
0:2.15.5-1.el8ap , < *
(rpm)
cpe:/a:redhat:ansible_automation_platform:2.4::el8 cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9 cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9 cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8 cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8 cpe:/a:redhat:ansible_automation_platform:2.4::el9 |
|
| Red Hat | Red Hat Ansible Automation Platform 2.4 for RHEL 9 |
Unaffected:
0:2.15.5-1.el9ap , < *
(rpm)
cpe:/a:redhat:ansible_automation_platform:2.4::el8 cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9 cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9 cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8 cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8 cpe:/a:redhat:ansible_automation_platform:2.4::el9 |
|
| Red Hat | Red Hat Ansible Automation Platform 1.2 |
cpe:/a:redhat:ansible_automation_platform |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:44:53.777Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2023:5701",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:5701"
},
{
"name": "RHSA-2023:5758",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:5758"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-5115"
},
{
"name": "RHBZ#2233810",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2233810"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform_developer:2.3::el9",
"cpe:/a:redhat:ansible_automation_platform:2.3::el9",
"cpe:/a:redhat:ansible_automation_platform_developer:2.3::el8",
"cpe:/a:redhat:ansible_automation_platform:2.3::el8",
"cpe:/a:redhat:ansible_automation_platform_inside:2.3::el8",
"cpe:/a:redhat:ansible_automation_platform_inside:2.3::el9"
],
"defaultStatus": "affected",
"packageName": "ansible-core",
"product": "Red Hat Ansible Automation Platform 2.3 for RHEL 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.14.11-1.el8ap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform_developer:2.3::el9",
"cpe:/a:redhat:ansible_automation_platform:2.3::el9",
"cpe:/a:redhat:ansible_automation_platform_developer:2.3::el8",
"cpe:/a:redhat:ansible_automation_platform:2.3::el8",
"cpe:/a:redhat:ansible_automation_platform_inside:2.3::el8",
"cpe:/a:redhat:ansible_automation_platform_inside:2.3::el9"
],
"defaultStatus": "affected",
"packageName": "ansible-core",
"product": "Red Hat Ansible Automation Platform 2.3 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.14.11-1.el9ap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2.4::el8",
"cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9",
"cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9",
"cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8",
"cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8",
"cpe:/a:redhat:ansible_automation_platform:2.4::el9"
],
"defaultStatus": "affected",
"packageName": "ansible-core",
"product": "Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.15.5-1.el8ap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2.4::el8",
"cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9",
"cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9",
"cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8",
"cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8",
"cpe:/a:redhat:ansible_automation_platform:2.4::el9"
],
"defaultStatus": "affected",
"packageName": "ansible-core",
"product": "Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.15.5-1.el9ap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform"
],
"defaultStatus": "affected",
"packageName": "ansible",
"product": "Red Hat Ansible Automation Platform 1.2",
"vendor": "Red Hat"
}
],
"datePublic": "2023-09-21T19:33:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An absolute path traversal attack exists in the Ansible automation platform. This flaw allows an attacker to craft a malicious Ansible role and make the victim execute the role. A symlink can be used to overwrite a file outside of the extraction path."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-36",
"description": "Absolute Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-20T17:29:54.523Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2023:5701",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:5701"
},
{
"name": "RHSA-2023:5758",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:5758"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-5115"
},
{
"name": "RHBZ#2233810",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2233810"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-08-23T00:00:00.000Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-09-21T19:33:00.000Z",
"value": "Made public."
}
],
"title": "Ansible: malicious role archive can cause ansible-galaxy to overwrite arbitrary files",
"x_redhatCweChain": "CWE-36: Absolute Path Traversal"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-5115",
"datePublished": "2023-12-18T13:43:07.791Z",
"dateReserved": "2023-09-21T19:29:27.130Z",
"dateUpdated": "2025-11-20T17:29:54.523Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-5022 (GCVE-0-2023-5022)
Vulnerability from cvelistv5 – Published: 2023-09-17 05:31 – Updated: 2025-06-18 14:36- CWE-36 - Absolute Path Traversal
| URL | Tags |
|---|---|
| https://vuldb.com/?id.239863 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.239863 | signaturepermissions-required |
| https://github.com/bayuncao/DEDEcms | broken-link |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:44:53.708Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.239863"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.239863"
},
{
"tags": [
"broken-link",
"x_transferred"
],
"url": "https://github.com/bayuncao/DEDEcms"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5022",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-18T14:35:05.808111Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-18T14:36:45.598Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "DedeCMS",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "5.0"
},
{
"status": "affected",
"version": "5.1"
},
{
"status": "affected",
"version": "5.2"
},
{
"status": "affected",
"version": "5.3"
},
{
"status": "affected",
"version": "5.4"
},
{
"status": "affected",
"version": "5.5"
},
{
"status": "affected",
"version": "5.6"
},
{
"status": "affected",
"version": "5.7"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "bayuncao (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in DedeCMS up to 5.7.100 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /include/dialog/select_templets_post.php. The manipulation of the argument activepath leads to absolute path traversal. The associated identifier of this vulnerability is VDB-239863."
},
{
"lang": "de",
"value": "In DedeCMS bis 5.7.100 wurde eine Schwachstelle gefunden. Sie wurde als kritisch eingestuft. Dabei geht es um eine nicht genauer bekannte Funktion der Datei /include/dialog/select_templets_post.php. Durch Manipulieren des Arguments activepath mit unbekannten Daten kann eine absolute path traversal-Schwachstelle ausgenutzt werden."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5.2,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-36",
"description": "CWE-36 Absolute Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-13T07:59:16.406Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.239863"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.239863"
},
{
"tags": [
"broken-link"
],
"url": "https://github.com/bayuncao/DEDEcms"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-09-16T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2023-09-16T00:00:00.000Z",
"value": "CVE reserved"
},
{
"lang": "en",
"time": "2023-09-16T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2023-10-12T14:42:53.000Z",
"value": "VulDB entry last update"
}
],
"title": "DedeCMS select_templets_post.php absolute path traversal"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2023-5022",
"datePublished": "2023-09-17T05:31:04.908Z",
"dateReserved": "2023-09-16T07:52:05.094Z",
"dateUpdated": "2025-06-18T14:36:45.598Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4172 (GCVE-0-2023-4172)
Vulnerability from cvelistv5 – Published: 2023-08-05 23:00 – Updated: 2024-08-02 07:17- CWE-36 - Absolute Path Traversal
| URL | Tags |
|---|---|
| https://vuldb.com/?id.236207 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.236207 | signaturepermissions-required |
| https://github.com/nagenanhai/cve/blob/main/duqu2.md | exploit |
| Vendor | Product | Version | |
|---|---|---|---|
| Chengdu | Flash Flood Disaster Monitoring and Warning System |
Affected:
2.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:17:12.163Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.236207"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.236207"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/nagenanhai/cve/blob/main/duqu2.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Flash Flood Disaster Monitoring and Warning System",
"vendor": "Chengdu",
"versions": [
{
"status": "affected",
"version": "2.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "analyst",
"value": "xiafine (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, has been found in Chengdu Flash Flood Disaster Monitoring and Warning System 2.0. This issue affects some unknown processing of the file \\Service\\FileHandler.ashx. The manipulation of the argument FileDirectory leads to absolute path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-236207."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in Chengdu Flash Flood Disaster Monitoring and Warning System 2.0 entdeckt. Sie wurde als problematisch eingestuft. Dies betrifft einen unbekannten Teil der Datei \\Service\\FileHandler.ashx. Durch Manipulation des Arguments FileDirectory mit unbekannten Daten kann eine absolute path traversal-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-36",
"description": "CWE-36 Absolute Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-24T08:24:39.988Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.236207"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.236207"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/nagenanhai/cve/blob/main/duqu2.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-08-05T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2023-08-05T00:00:00.000Z",
"value": "CVE reserved"
},
{
"lang": "en",
"time": "2023-08-05T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2023-08-30T08:13:57.000Z",
"value": "VulDB entry last update"
}
],
"title": "Chengdu Flash Flood Disaster Monitoring and Warning System FileHandler.ashx absolute path traversal"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2023-4172",
"datePublished": "2023-08-05T23:00:05.984Z",
"dateReserved": "2023-08-05T06:39:30.085Z",
"dateUpdated": "2024-08-02T07:17:12.163Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3765 (GCVE-0-2023-3765)
Vulnerability from cvelistv5 – Published: 2023-07-19 00:53 – Updated: 2024-10-24 18:25- CWE-36 - Absolute Path Traversal
| Vendor | Product | Version | |
|---|---|---|---|
| mlflow | mlflow/mlflow |
Affected:
unspecified , < 2.5.0
(custom)
|
|
| lfprojects | mlflow |
Affected:
0 , < 2.5.0
(custom)
cpe:2.3:a:lfprojects:mlflow:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:08:50.075Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/4be5fd63-8a0a-490d-9ee1-f33dc768ed76"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/mlflow/mlflow/commit/6dde93758d42455cb90ef324407919ed67668b9b"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:lfprojects:mlflow:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mlflow",
"vendor": "lfprojects",
"versions": [
{
"lessThan": "2.5.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3765",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-24T18:17:22.471484Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-24T18:25:35.315Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "mlflow/mlflow",
"vendor": "mlflow",
"versions": [
{
"lessThan": "2.5.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.5.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-36",
"description": "CWE-36 Absolute Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-19T00:53:33.969Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/4be5fd63-8a0a-490d-9ee1-f33dc768ed76"
},
{
"url": "https://github.com/mlflow/mlflow/commit/6dde93758d42455cb90ef324407919ed67668b9b"
}
],
"source": {
"advisory": "4be5fd63-8a0a-490d-9ee1-f33dc768ed76",
"discovery": "EXTERNAL"
},
"title": "Absolute Path Traversal in mlflow/mlflow"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-3765",
"datePublished": "2023-07-19T00:53:33.969Z",
"dateReserved": "2023-07-19T00:53:20.894Z",
"dateUpdated": "2024-10-24T18:25:35.315Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2765 (GCVE-0-2023-2765)
Vulnerability from cvelistv5 – Published: 2023-05-17 16:31 – Updated: 2024-08-02 06:33- CWE-36 - Absolute Path Traversal
| URL | Tags |
|---|---|
| https://vuldb.com/?id.229270 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.229270 | signaturepermissions-required |
| https://github.com/eckert-lcc/cve/blob/main/Weave… | exploit |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:33:05.773Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.229270"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.229270"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/eckert-lcc/cve/blob/main/Weaver%20oa.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OA",
"vendor": "Weaver",
"versions": [
{
"status": "affected",
"version": "9.0"
},
{
"status": "affected",
"version": "9.1"
},
{
"status": "affected",
"version": "9.2"
},
{
"status": "affected",
"version": "9.3"
},
{
"status": "affected",
"version": "9.4"
},
{
"status": "affected",
"version": "9.5"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "analyst",
"value": "eckert-lcc (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in Weaver OA up to 9.5 and classified as problematic. This vulnerability affects unknown code of the file /E-mobile/App/System/File/downfile.php. The manipulation of the argument url leads to absolute path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-229270 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "In Weaver OA bis 9.5 wurde eine problematische Schwachstelle gefunden. Es geht um eine nicht n\u00e4her bekannte Funktion der Datei /E-mobile/App/System/File/downfile.php. Durch Manipulieren des Arguments url mit unbekannten Daten kann eine absolute path traversal-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-36",
"description": "CWE-36 Absolute Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-23T06:27:02.236Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.229270"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.229270"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/eckert-lcc/cve/blob/main/Weaver%20oa.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-05-17T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2023-05-17T00:00:00.000Z",
"value": "CVE reserved"
},
{
"lang": "en",
"time": "2023-05-17T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2023-06-10T10:55:05.000Z",
"value": "VulDB entry last update"
}
],
"title": "Weaver OA downfile.php absolute path traversal"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2023-2765",
"datePublished": "2023-05-17T16:31:03.333Z",
"dateReserved": "2023-05-17T16:05:00.734Z",
"dateUpdated": "2024-08-02T06:33:05.773Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation MIT-5.1
Strategy: Input Validation
- Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
- When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
- Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
- When validating filenames, use stringent allowlists that limit the character set to be used. If feasible, only allow a single "." character in the filename to avoid weaknesses such as CWE-23, and exclude directory separators such as "/" to avoid CWE-36. Use a list of allowable file extensions, which will help to avoid CWE-434.
- Do not rely exclusively on a filtering mechanism that removes potentially dangerous characters. This is equivalent to a denylist, which may be incomplete (CWE-184). For example, filtering "/" is insufficient protection if the filesystem also supports the use of "\" as a directory separator. Another possible error could occur when the filtering is applied in a way that still produces dangerous data (CWE-182). For example, if "../" sequences are removed from the ".../...//" string in a sequential fashion, two instances of "../" would be removed from the original string, but the remaining characters would still form the "../" string.
Mitigation MIT-20
Strategy: Input Validation
Inputs should be decoded and canonicalized to the application's current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked.
Mitigation MIT-29
Strategy: Firewall
Use an application firewall that can detect attacks against this weakness. It can be beneficial in cases in which the code cannot be fixed (because it is controlled by a third party), as an emergency prevention measure while more comprehensive software assurance measures are applied, or to provide defense in depth [REF-1481].
CAPEC-597: Absolute Path Traversal
An adversary with access to file system resources, either directly or via application logic, will use various file absolute paths and navigation mechanisms such as ".." to extend their range of access to inappropriate areas of the file system. The goal of the adversary is to access directories and files that are intended to be restricted from their access.