Vulnerabilites related to hap-wi - roxy-wi
cve-2023-29004
Vulnerability from cvelistv5
Published
2023-04-17 18:34
Modified
2024-08-02 13:51
Severity ?
EPSS score ?
Summary
hap-wi/roxy-wi is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. A Path Traversal vulnerability was found in the current version of Roxy-WI (6.3.9.0 at the moment of writing this report). The vulnerability can be exploited via an HTTP request to /app/options.py and the config_file_name parameter. Successful exploitation of this vulnerability could allow an attacker with user level privileges to obtain the content of arbitrary files on the file server within the scope of what the server process has access to. The root-cause of the vulnerability lies in the get_config function of the /app/modules/config/config.py file, which only checks for relative path traversal, but still allows to read files from absolute locations passed via the config_file_name parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/hap-wi/roxy-wi/security/advisories/GHSA-7qqj-xhvr-46fv | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T13:51:39.014Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/hap-wi/roxy-wi/security/advisories/GHSA-7qqj-xhvr-46fv",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/hap-wi/roxy-wi/security/advisories/GHSA-7qqj-xhvr-46fv"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "roxy-wi",
"vendor": "hap-wi",
"versions": [
{
"status": "affected",
"version": "\u003c= 6.3.9.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "hap-wi/roxy-wi is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. A Path Traversal vulnerability was found in the current version of Roxy-WI (6.3.9.0 at the moment of writing this report). The vulnerability can be exploited via an HTTP request to /app/options.py and the config_file_name parameter. Successful exploitation of this vulnerability could allow an attacker with user level privileges to obtain the content of arbitrary files on the file server within the scope of what the server process has access to. The root-cause of the vulnerability lies in the get_config function of the /app/modules/config/config.py file, which only checks for relative path traversal, but still allows to read files from absolute locations passed via the config_file_name parameter."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-17T18:34:07.972Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/hap-wi/roxy-wi/security/advisories/GHSA-7qqj-xhvr-46fv",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/hap-wi/roxy-wi/security/advisories/GHSA-7qqj-xhvr-46fv"
}
],
"source": {
"advisory": "GHSA-7qqj-xhvr-46fv",
"discovery": "UNKNOWN"
},
"title": "Path Traversal Vulnerability in hap-wi/roxy-wi "
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-29004",
"datePublished": "2023-04-17T18:34:07.972Z",
"dateReserved": "2023-03-29T17:39:16.142Z",
"dateUpdated": "2024-08-02T13:51:39.014Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-31137
Vulnerability from cvelistv5
Published
2022-07-08 00:00
Modified
2024-08-03 07:11
Severity ?
EPSS score ?
Summary
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Versions prior to 6.1.1.0 are subject to a remote code execution vulnerability. System commands can be run remotely via the subprocess_execute function without processing the inputs received from the user in the /app/options.py file. Attackers need not be authenticated to exploit this vulnerability. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:11:39.645Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/hap-wi/roxy-wi/security/advisories/GHSA-53r2-mq99-f532"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/hap-wi/roxy-wi/commit/82666df1e60c45dd6aa533b01a392f015d32f755"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/167805/Roxy-WI-Remote-Command-Execution.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/171648/Roxy-WI-6.1.0.0-Improper-Authentication-Control.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/171652/Roxy-WI-6.1.1.0-Remote-Code-Execution.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/172547/Roxy-WI-6.1.0.0-Remote-Command-Execution.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "roxy-wi",
"vendor": "hap-wi",
"versions": [
{
"status": "affected",
"version": "\u003c 6.1.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Versions prior to 6.1.1.0 are subject to a remote code execution vulnerability. System commands can be run remotely via the subprocess_execute function without processing the inputs received from the user in the /app/options.py file. Attackers need not be authenticated to exploit this vulnerability. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-24T00:00:00",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"url": "https://github.com/hap-wi/roxy-wi/security/advisories/GHSA-53r2-mq99-f532"
},
{
"url": "https://github.com/hap-wi/roxy-wi/commit/82666df1e60c45dd6aa533b01a392f015d32f755"
},
{
"url": "http://packetstormsecurity.com/files/167805/Roxy-WI-Remote-Command-Execution.html"
},
{
"url": "http://packetstormsecurity.com/files/171648/Roxy-WI-6.1.0.0-Improper-Authentication-Control.html"
},
{
"url": "http://packetstormsecurity.com/files/171652/Roxy-WI-6.1.1.0-Remote-Code-Execution.html"
},
{
"url": "http://packetstormsecurity.com/files/172547/Roxy-WI-6.1.0.0-Remote-Command-Execution.html"
}
],
"source": {
"advisory": "GHSA-53r2-mq99-f532",
"discovery": "UNKNOWN"
},
"title": "Unauthenticated Remote Code Execution in Roxy-WI"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-31137",
"datePublished": "2022-07-08T00:00:00",
"dateReserved": "2022-05-18T00:00:00",
"dateUpdated": "2024-08-03T07:11:39.645Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-31161
Vulnerability from cvelistv5
Published
2022-07-15 00:00
Modified
2024-08-03 07:11
Severity ?
EPSS score ?
Summary
Roxy-WI is a Web interface for managing HAProxy, Nginx and Keepalived servers. Prior to version 6.1.1.0, the system command can be run remotely via the subprocess_execute function without processing the inputs received from the user in the /app/options.py file. Version 6.1.1.0 contains a patch for this issue.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:11:39.671Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/hap-wi/roxy-wi/security/advisories/GHSA-pg3w-8p63-x483"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/hap-wi/roxy-wi/releases/tag/v6.1.1.0"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/171652/Roxy-WI-6.1.1.0-Remote-Code-Execution.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "roxy-wi",
"vendor": "hap-wi",
"versions": [
{
"status": "affected",
"version": "\u003c 6.1.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Roxy-WI is a Web interface for managing HAProxy, Nginx and Keepalived servers. Prior to version 6.1.1.0, the system command can be run remotely via the subprocess_execute function without processing the inputs received from the user in the /app/options.py file. Version 6.1.1.0 contains a patch for this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-03T00:00:00",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"url": "https://github.com/hap-wi/roxy-wi/security/advisories/GHSA-pg3w-8p63-x483"
},
{
"url": "https://github.com/hap-wi/roxy-wi/releases/tag/v6.1.1.0"
},
{
"url": "http://packetstormsecurity.com/files/171652/Roxy-WI-6.1.1.0-Remote-Code-Execution.html"
}
],
"source": {
"advisory": "GHSA-pg3w-8p63-x483",
"discovery": "UNKNOWN"
},
"title": "Roxy-WI Vulnerable to Unauthenticated Remote Code Execution via ssl_cert Upload"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-31161",
"datePublished": "2022-07-15T00:00:00",
"dateReserved": "2022-05-18T00:00:00",
"dateUpdated": "2024-08-03T07:11:39.671Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-31125
Vulnerability from cvelistv5
Published
2022-07-06 00:00
Modified
2024-08-03 07:11
Severity ?
EPSS score ?
Summary
Roxy-wi is an open source web interface for managing Haproxy, Nginx, Apache and Keepalived servers. A vulnerability in Roxy-wi allows a remote, unauthenticated attacker to bypass authentication and access admin functionality by sending a specially crafted HTTP request. This affects Roxywi versions before 6.1.1.0. Users are advised to upgrade. There are no known workarounds for this issue.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:11:39.788Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/hap-wi/roxy-wi/security/advisories/GHSA-hr76-3hxp-5mm3"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/171648/Roxy-WI-6.1.0.0-Improper-Authentication-Control.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "roxy-wi",
"vendor": "hap-wi",
"versions": [
{
"status": "affected",
"version": "\u003c 6.1.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Roxy-wi is an open source web interface for managing Haproxy, Nginx, Apache and Keepalived servers. A vulnerability in Roxy-wi allows a remote, unauthenticated attacker to bypass authentication and access admin functionality by sending a specially crafted HTTP request. This affects Roxywi versions before 6.1.1.0. Users are advised to upgrade. There are no known workarounds for this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287: Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-03T00:00:00",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"url": "https://github.com/hap-wi/roxy-wi/security/advisories/GHSA-hr76-3hxp-5mm3"
},
{
"url": "http://packetstormsecurity.com/files/171648/Roxy-WI-6.1.0.0-Improper-Authentication-Control.html"
}
],
"source": {
"advisory": "GHSA-hr76-3hxp-5mm3",
"discovery": "UNKNOWN"
},
"title": "Authentication Bypass in Roxy-wi"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-31125",
"datePublished": "2022-07-06T00:00:00",
"dateReserved": "2022-05-18T00:00:00",
"dateUpdated": "2024-08-03T07:11:39.788Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-25803
Vulnerability from cvelistv5
Published
2023-03-13 00:00
Modified
2024-08-02 11:32
Severity ?
EPSS score ?
Summary
Roxy-WI is a Web interface for managing Haproxy, Nginx, Apache, and Keepalived servers. Versions prior to 6.3.5.0 have a directory traversal vulnerability that allows the inclusion of server-side files. This issue is fixed in version 6.3.5.0.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:32:12.453Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/hap-wi/roxy-wi/security/advisories/GHSA-cv9w-j9gh-5j3w"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "roxy-wi",
"vendor": "hap-wi",
"versions": [
{
"status": "affected",
"version": "\u003c 6.3.5.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Roxy-WI is a Web interface for managing Haproxy, Nginx, Apache, and Keepalived servers. Versions prior to 6.3.5.0 have a directory traversal vulnerability that allows the inclusion of server-side files. This issue is fixed in version 6.3.5.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-15T00:00:00",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"url": "https://github.com/hap-wi/roxy-wi/security/advisories/GHSA-cv9w-j9gh-5j3w"
}
],
"source": {
"advisory": "GHSA-cv9w-j9gh-5j3w",
"discovery": "UNKNOWN"
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-25803",
"datePublished": "2023-03-13T00:00:00",
"dateReserved": "2023-02-15T00:00:00",
"dateUpdated": "2024-08-02T11:32:12.453Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-31126
Vulnerability from cvelistv5
Published
2022-07-06 17:30
Modified
2024-08-03 07:11
Severity ?
EPSS score ?
Summary
Roxy-wi is an open source web interface for managing Haproxy, Nginx, Apache and Keepalived servers. A vulnerability in Roxy-wi allows a remote, unauthenticated attacker to code execution by sending a specially crafted HTTP request to /app/options.py file. This affects Roxy-wi versions before 6.1.1.0. Users are advised to upgrade. There are no known workarounds for this issue.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/hap-wi/roxy-wi/security/advisories/GHSA-mh86-878h-43c9 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:11:39.586Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/hap-wi/roxy-wi/security/advisories/GHSA-mh86-878h-43c9"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "roxy-wi",
"vendor": "hap-wi",
"versions": [
{
"status": "affected",
"version": "\u003c 6.1.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Roxy-wi is an open source web interface for managing Haproxy, Nginx, Apache and Keepalived servers. A vulnerability in Roxy-wi allows a remote, unauthenticated attacker to code execution by sending a specially crafted HTTP request to /app/options.py file. This affects Roxy-wi versions before 6.1.1.0. Users are advised to upgrade. There are no known workarounds for this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-06T17:30:13",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/hap-wi/roxy-wi/security/advisories/GHSA-mh86-878h-43c9"
}
],
"source": {
"advisory": "GHSA-mh86-878h-43c9",
"discovery": "UNKNOWN"
},
"title": "Unauthenticated Remote Code Execution in Roxy-wi",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-31126",
"STATE": "PUBLIC",
"TITLE": "Unauthenticated Remote Code Execution in Roxy-wi"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "roxy-wi",
"version": {
"version_data": [
{
"version_value": "\u003c 6.1.1.0"
}
]
}
}
]
},
"vendor_name": "hap-wi"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Roxy-wi is an open source web interface for managing Haproxy, Nginx, Apache and Keepalived servers. A vulnerability in Roxy-wi allows a remote, unauthenticated attacker to code execution by sending a specially crafted HTTP request to /app/options.py file. This affects Roxy-wi versions before 6.1.1.0. Users are advised to upgrade. There are no known workarounds for this issue."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/hap-wi/roxy-wi/security/advisories/GHSA-mh86-878h-43c9",
"refsource": "CONFIRM",
"url": "https://github.com/hap-wi/roxy-wi/security/advisories/GHSA-mh86-878h-43c9"
}
]
},
"source": {
"advisory": "GHSA-mh86-878h-43c9",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-31126",
"datePublished": "2022-07-06T17:30:13",
"dateReserved": "2022-05-18T00:00:00",
"dateUpdated": "2024-08-03T07:11:39.586Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-25804
Vulnerability from cvelistv5
Published
2023-03-15 17:39
Modified
2024-08-02 11:32
Severity ?
EPSS score ?
Summary
Roxy-WI is a Web interface for managing Haproxy, Nginx, Apache, and Keepalived servers. Versions prior to 6.3.5.0 have a limited path traversal vulnerability. An SSH key can be saved into an unintended location, for example the `/tmp` folder using a payload `../../../../../tmp/test111_dev`. This issue has been fixed in version 6.3.5.0.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/hap-wi/roxy-wi/security/advisories/GHSA-69j6-crq8-rrhv | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:32:12.457Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/hap-wi/roxy-wi/security/advisories/GHSA-69j6-crq8-rrhv",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/hap-wi/roxy-wi/security/advisories/GHSA-69j6-crq8-rrhv"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "roxy-wi",
"vendor": "hap-wi",
"versions": [
{
"status": "affected",
"version": "\u003c 6.3.5.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Roxy-WI is a Web interface for managing Haproxy, Nginx, Apache, and Keepalived servers. Versions prior to 6.3.5.0 have a limited path traversal vulnerability. An SSH key can be saved into an unintended location, for example the `/tmp` folder using a payload `../../../../../tmp/test111_dev`. This issue has been fixed in version 6.3.5.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-15T17:39:55.532Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/hap-wi/roxy-wi/security/advisories/GHSA-69j6-crq8-rrhv",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/hap-wi/roxy-wi/security/advisories/GHSA-69j6-crq8-rrhv"
}
],
"source": {
"advisory": "GHSA-69j6-crq8-rrhv",
"discovery": "UNKNOWN"
},
"title": "Roxy-WI vulnerable to Limited Path Traversal in name parameter"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-25804",
"datePublished": "2023-03-15T17:39:55.532Z",
"dateReserved": "2023-02-15T16:34:48.772Z",
"dateUpdated": "2024-08-02T11:32:12.457Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-25802
Vulnerability from cvelistv5
Published
2023-03-13 19:35
Modified
2024-08-02 11:32
Severity ?
EPSS score ?
Summary
Roxy-WI is a Web interface for managing Haproxy, Nginx, Apache, and Keepalived servers. Versions prior to 6.3.6.0 don't correctly neutralize `dir/../filename` sequences, such as `/etc/nginx/../passwd`, allowing an actor to gain information about a server. Version 6.3.6.0 has a patch for this issue.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/hap-wi/roxy-wi/security/advisories/GHSA-qcmp-q5h3-784m | x_refsource_CONFIRM | |
| https://github.com/hap-wi/roxy-wi/commit/0054f25da7cf8c7480452f48e39308b5e392dc67 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:32:12.516Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/hap-wi/roxy-wi/security/advisories/GHSA-qcmp-q5h3-784m",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/hap-wi/roxy-wi/security/advisories/GHSA-qcmp-q5h3-784m"
},
{
"name": "https://github.com/hap-wi/roxy-wi/commit/0054f25da7cf8c7480452f48e39308b5e392dc67",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/hap-wi/roxy-wi/commit/0054f25da7cf8c7480452f48e39308b5e392dc67"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "roxy-wi",
"vendor": "hap-wi",
"versions": [
{
"status": "affected",
"version": "\u003c 6.3.6.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Roxy-WI is a Web interface for managing Haproxy, Nginx, Apache, and Keepalived servers. Versions prior to 6.3.6.0 don\u0027t correctly neutralize `dir/../filename` sequences, such as `/etc/nginx/../passwd`, allowing an actor to gain information about a server. Version 6.3.6.0 has a patch for this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-26",
"description": "CWE-26: Path Traversal: \u0027/dir/../filename\u0027",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-13T19:35:11.243Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/hap-wi/roxy-wi/security/advisories/GHSA-qcmp-q5h3-784m",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/hap-wi/roxy-wi/security/advisories/GHSA-qcmp-q5h3-784m"
},
{
"name": "https://github.com/hap-wi/roxy-wi/commit/0054f25da7cf8c7480452f48e39308b5e392dc67",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/hap-wi/roxy-wi/commit/0054f25da7cf8c7480452f48e39308b5e392dc67"
}
],
"source": {
"advisory": "GHSA-qcmp-q5h3-784m",
"discovery": "UNKNOWN"
},
"title": "Roxy-WI has Path Traversal vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-25802",
"datePublished": "2023-03-13T19:35:11.243Z",
"dateReserved": "2023-02-15T16:34:48.771Z",
"dateUpdated": "2024-08-02T11:32:12.516Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}