Common Weakness Enumeration

CWE-23

Allowed

Relative Path Traversal

Abstraction: Base · Status: Draft

The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory.

778 vulnerabilities reference this CWE, most recent first.

CVE-2024-2053 (GCVE-0-2024-2053)

Vulnerability from cvelistv5 – Published: 2024-03-05 18:56 – Updated: 2025-02-13 17:32
VLAI
Title
Artica Proxy Unauthenticated LFI Protection Bypass Vulnerability
Summary
The Artica Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the "www-data" user. This issue was demonstrated on version 4.50 of the The Artica-Proxy administrative web application attempts to prevent local file inclusion. These protections can be bypassed and arbitrary file requests supplied by unauthenticated users will be returned according to the privileges of the "www-data" user.
SSVC
Exploitation: poc Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-23 - Relative Path Traversal
Assigner
AHA
Impacted products
Vendor Product Version
Artica Tech Artica Proxy Affected: 4.50
Affected: 4.40
Create a notification for this product.
articatech artica_proxy Affected: 4.50
    cpe:2.3:a:articatech:artica_proxy:4.50:*:*:*:*:*:*:*
Create a notification for this product.
articatech artica_proxy Affected: 4.40
    cpe:2.3:a:articatech:artica_proxy:4.40:*:*:*:*:*:*:*
Create a notification for this product.
Date Public
2024-03-05 18:00
Credits
Jaggar Henry of KoreLogic, Inc.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T19:03:38.417Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "https://korelogic.com/Resources/Advisories/KL-001-2024-001.txt"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2024/Mar/11"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:articatech:artica_proxy:4.50:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "artica_proxy",
            "vendor": "articatech",
            "versions": [
              {
                "status": "affected",
                "version": "4.50"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:articatech:artica_proxy:4.40:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "artica_proxy",
            "vendor": "articatech",
            "versions": [
              {
                "status": "affected",
                "version": "4.40"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-2053",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-06T14:50:53.590592Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-06T14:57:43.547Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Artica Proxy",
          "vendor": "Artica Tech",
          "versions": [
            {
              "status": "affected",
              "version": "4.50"
            },
            {
              "status": "affected",
              "version": "4.40"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Jaggar Henry of KoreLogic, Inc."
        }
      ],
      "datePublic": "2024-03-05T18:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The Artica Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the \"www-data\" user. This issue was demonstrated on version 4.50 of the\u0026nbsp;The Artica-Proxy administrative web application attempts to prevent local file inclusion. These protections can be bypassed and arbitrary file requests supplied by unauthenticated users will be returned according to the privileges of the \"www-data\" user.\u003cbr\u003e"
            }
          ],
          "value": "The Artica Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the \"www-data\" user. This issue was demonstrated on version 4.50 of the\u00a0The Artica-Proxy administrative web application attempts to prevent local file inclusion. These protections can be bypassed and arbitrary file requests supplied by unauthenticated users will be returned according to the privileges of the \"www-data\" user."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-23",
              "description": "CWE-23 Relative Path Traversal",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-03-05T19:00:10.450Z",
        "orgId": "26969f82-7e87-44d8-9cb5-f6fb926ddd43",
        "shortName": "AHA"
      },
      "references": [
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://korelogic.com/Resources/Advisories/KL-001-2024-001.txt"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2024/Mar/11"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Artica Proxy Unauthenticated LFI Protection Bypass Vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "26969f82-7e87-44d8-9cb5-f6fb926ddd43",
    "assignerShortName": "AHA",
    "cveId": "CVE-2024-2053",
    "datePublished": "2024-03-05T18:56:10.796Z",
    "dateReserved": "2024-03-01T02:03:05.828Z",
    "dateUpdated": "2025-02-13T17:32:33.055Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-0550 (GCVE-0-2024-0550)

Vulnerability from cvelistv5 – Published: 2024-02-28 04:52 – Updated: 2024-08-22 19:40
VLAI
Title
Privileged User using traversal to read system files
Summary
A user who is privileged already `manager` or `admin` can set their profile picture via the frontend API using a relative filepath to then user the PFP GET API to download any valid files. The attacker would have to have been granted privileged permissions to the system before executing this attack.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-23 - Relative Path Traversal
Assigner
Impacted products
Vendor Product Version
mintplex-labs mintplex-labs/anything-llm Affected: unspecified , < 1.0.0 (custom)
Create a notification for this product.
mintplexlabs anythingllm Affected: 0 , < 1.0.0 (custom)
    cpe:2.3:a:mintplexlabs:anythingllm:*:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T18:11:35.606Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://huntr.com/bounties/c6afeb5e-f211-4b3d-aa4b-6bad734217a6"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/mintplex-labs/anything-llm/commit/e1dcd5ded010b03abd6aa32d1bf0668a48e38e17"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:mintplexlabs:anythingllm:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "anythingllm",
            "vendor": "mintplexlabs",
            "versions": [
              {
                "lessThan": "1.0.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-0550",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-28T19:53:01.818884Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-22T19:40:03.830Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "mintplex-labs/anything-llm",
          "vendor": "mintplex-labs",
          "versions": [
            {
              "lessThan": "1.0.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A user who is privileged already `manager` or `admin` can set their profile picture via the frontend API using a relative filepath to then user the PFP GET API to download any valid files.\n\nThe attacker would have to have been granted privileged permissions to the system before executing this attack."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 9.6,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-23",
              "description": "CWE-23 Relative Path Traversal",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-02-28T04:52:21.831Z",
        "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "shortName": "@huntr_ai"
      },
      "references": [
        {
          "url": "https://huntr.com/bounties/c6afeb5e-f211-4b3d-aa4b-6bad734217a6"
        },
        {
          "url": "https://github.com/mintplex-labs/anything-llm/commit/e1dcd5ded010b03abd6aa32d1bf0668a48e38e17"
        }
      ],
      "source": {
        "advisory": "c6afeb5e-f211-4b3d-aa4b-6bad734217a6",
        "discovery": "EXTERNAL"
      },
      "title": "Privileged User using traversal to read system files"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
    "assignerShortName": "@huntr_ai",
    "cveId": "CVE-2024-0550",
    "datePublished": "2024-02-28T04:52:21.831Z",
    "dateReserved": "2024-01-15T00:56:12.183Z",
    "dateUpdated": "2024-08-22T19:40:03.830Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-0549 (GCVE-0-2024-0549)

Vulnerability from cvelistv5 – Published: 2024-04-16 00:00 – Updated: 2024-08-01 18:11
VLAI
Title
Relative Path Traversal in mintplex-labs/anything-llm
Summary
mintplex-labs/anything-llm is vulnerable to a relative path traversal attack, allowing unauthorized attackers with a default role account to delete files and folders within the filesystem, including critical database files such as 'anythingllm.db'. The vulnerability stems from insufficient input validation and normalization in the handling of file and folder deletion requests. Successful exploitation results in the compromise of data integrity and availability.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-23 - Relative Path Traversal
Assigner
Impacted products
Vendor Product Version
mintplex-labs mintplex-labs/anything-llm Affected: unspecified , < 1.0.0 (custom)
Create a notification for this product.
mintplexlabs anythingllm Affected: 0 , < 1.0.0 (custom)
    cpe:2.3:a:mintplexlabs:anythingllm:-:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:mintplexlabs:anythingllm:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "anythingllm",
            "vendor": "mintplexlabs",
            "versions": [
              {
                "lessThan": "1.0.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-0549",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-09T17:08:21.915452Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-10T16:33:03.406Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T18:11:35.275Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://huntr.com/bounties/fcb4001e-0290-4b78-a2f0-91ee5d20cc72"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/mintplex-labs/anything-llm/commit/026849df0224b6a8754f4103530bc015874def62"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "mintplex-labs/anything-llm",
          "vendor": "mintplex-labs",
          "versions": [
            {
              "lessThan": "1.0.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "mintplex-labs/anything-llm is vulnerable to a relative path traversal attack, allowing unauthorized attackers with a default role account to delete files and folders within the filesystem, including critical database files such as \u0027anythingllm.db\u0027. The vulnerability stems from insufficient input validation and normalization in the handling of file and folder deletion requests. Successful exploitation results in the compromise of data integrity and availability."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-23",
              "description": "CWE-23 Relative Path Traversal",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-04-16T11:10:49.469Z",
        "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "shortName": "@huntr_ai"
      },
      "references": [
        {
          "url": "https://huntr.com/bounties/fcb4001e-0290-4b78-a2f0-91ee5d20cc72"
        },
        {
          "url": "https://github.com/mintplex-labs/anything-llm/commit/026849df0224b6a8754f4103530bc015874def62"
        }
      ],
      "source": {
        "advisory": "fcb4001e-0290-4b78-a2f0-91ee5d20cc72",
        "discovery": "EXTERNAL"
      },
      "title": "Relative Path Traversal in mintplex-labs/anything-llm"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
    "assignerShortName": "@huntr_ai",
    "cveId": "CVE-2024-0549",
    "datePublished": "2024-04-16T00:00:14.132Z",
    "dateReserved": "2024-01-15T00:30:28.942Z",
    "dateUpdated": "2024-08-01T18:11:35.275Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-0335 (GCVE-0-2024-0335)

Vulnerability from cvelistv5 – Published: 2024-04-03 18:53 – Updated: 2024-09-19 17:35
VLAI
Title
Malformed Packet Handling
Summary
ABB has internally identified a vulnerability in the ABB VPNI feature of the S+ Control API component which may be used by several Symphony Plus products (e.g., S+ Operations, S+ Engineering and S+ Analyst) This issue affects Symphony Plus S+ Operations: from 3..0;0 through 3.3 SP1 RU4, from 2.1;0 through 2.1 SP2 RU3, from 2.0;0 through 2.0 SP6 TC6; Symphony Plus S+ Engineering: from 2.1 through 2.3 RU3; Symphony Plus S+ Analyst: from 7.0.0.0 through 7.2.0.2.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-23 - Relative Path Traversal
Assigner
ABB
Impacted products
Vendor Product Version
ABB Symphony Plus S+ Operations Affected: 3..0;0 , ≤ 3.3 SP1 RU4 (custom)
Affected: 2.1;0 , ≤ 2.1 SP2 RU3 (custom)
Affected: 2.0;0 , ≤ 2.0 SP6 TC6 (custom)
Create a notification for this product.
ABB Symphony Plus S+ Engineering Affected: 2.1 , ≤ 2.3 RU3 (custom)
Create a notification for this product.
ABB Symphony Plus S+ Analyst Affected: 7.0.0.0 , ≤ 7.2.0.2 (custom)
Create a notification for this product.
abb symphony_plus_s\+_operations Affected: 3.3 , ≤ 3.3_sp1_ru4 (custom)
    cpe:2.3:a:abb:symphony_plus_s\+_operations:3.3:*:*:*:*:*:*:*
Create a notification for this product.
abb symphony_plus_s\+_operations Affected: 2.1 , ≤ 2.1_sp2_ru3 (custom)
    cpe:2.3:a:abb:symphony_plus_s\+_operations:2.1:*:*:*:*:*:*:*
Create a notification for this product.
abb symphony_plus_s\+_operations Affected: 2.0 , ≤ 2.0_sp6_tc6 (custom)
    cpe:2.3:a:abb:symphony_plus_s\+_operations:2.0:*:*:*:*:*:*:*
Create a notification for this product.
abb symphony_plus_s\+_engineering Affected: 2.1 , ≤ 2.3_ru3 (custom)
    cpe:2.3:a:abb:symphony_plus_s\+_engineering:*:*:*:*:*:*:*:*
Create a notification for this product.
abb symphony_plus_s\+_analyst Affected: 7.0.0.0 , ≤ 7.2.0.2 (custom)
    cpe:2.3:a:abb:symphony_plus_s\+_analyst:*:*:*:*:*:*:*:*
Create a notification for this product.
Date Public
2024-04-02 18:30
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:abb:symphony_plus_s\\+_operations:3.3:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "symphony_plus_s\\+_operations",
            "vendor": "abb",
            "versions": [
              {
                "lessThanOrEqual": "3.3_sp1_ru4",
                "status": "affected",
                "version": "3.3",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:abb:symphony_plus_s\\+_operations:2.1:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "symphony_plus_s\\+_operations",
            "vendor": "abb",
            "versions": [
              {
                "lessThanOrEqual": "2.1_sp2_ru3",
                "status": "affected",
                "version": "2.1",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:abb:symphony_plus_s\\+_operations:2.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "symphony_plus_s\\+_operations",
            "vendor": "abb",
            "versions": [
              {
                "lessThanOrEqual": "2.0_sp6_tc6",
                "status": "affected",
                "version": "2.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:abb:symphony_plus_s\\+_engineering:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "symphony_plus_s\\+_engineering",
            "vendor": "abb",
            "versions": [
              {
                "lessThanOrEqual": "2.3_ru3",
                "status": "affected",
                "version": "2.1",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:abb:symphony_plus_s\\+_analyst:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "symphony_plus_s\\+_analyst",
            "vendor": "abb",
            "versions": [
              {
                "lessThanOrEqual": "7.2.0.2",
                "status": "affected",
                "version": "7.0.0.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-0335",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-29T14:10:59.134745Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-29T14:31:30.849Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T18:04:49.016Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://search.abb.com/library/Download.aspx?DocumentID=7PAA002536\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Symphony Plus S+ Operations",
          "vendor": "ABB",
          "versions": [
            {
              "lessThanOrEqual": "3.3 SP1 RU4",
              "status": "affected",
              "version": "3..0;0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "2.1 SP2 RU3",
              "status": "affected",
              "version": "2.1;0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "2.0 SP6 TC6",
              "status": "affected",
              "version": "2.0;0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Symphony Plus S+ Engineering",
          "vendor": "ABB",
          "versions": [
            {
              "lessThanOrEqual": "2.3 RU3",
              "status": "affected",
              "version": "2.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Symphony Plus S+ Analyst",
          "vendor": "ABB",
          "versions": [
            {
              "lessThanOrEqual": "7.2.0.2",
              "status": "affected",
              "version": "7.0.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2024-04-02T18:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "ABB has internally identified a vulnerability in the ABB VPNI feature of the S+ Control API component which may \nbe used by several Symphony Plus products (e.g., S+ Operations, S+ Engineering and S+ Analyst)\n\n\u003cbr\u003e\u003cp\u003eThis issue affects Symphony Plus S+ Operations: from 3..0;0 through 3.3 SP1 RU4, from 2.1;0 through 2.1 SP2 RU3, from 2.0;0 through 2.0 SP6 TC6; Symphony Plus S+ Engineering: from 2.1 through 2.3 RU3; Symphony Plus S+ Analyst: from 7.0.0.0 through 7.2.0.2.\u003c/p\u003e\u003cbr\u003e"
            }
          ],
          "value": "ABB has internally identified a vulnerability in the ABB VPNI feature of the S+ Control API component which may \nbe used by several Symphony Plus products (e.g., S+ Operations, S+ Engineering and S+ Analyst)\n\n\nThis issue affects Symphony Plus S+ Operations: from 3..0;0 through 3.3 SP1 RU4, from 2.1;0 through 2.1 SP2 RU3, from 2.0;0 through 2.0 SP6 TC6; Symphony Plus S+ Engineering: from 2.1 through 2.3 RU3; Symphony Plus S+ Analyst: from 7.0.0.0 through 7.2.0.2."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-23",
              "description": "CWE-23 Relative Path Traversal",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-19T17:35:29.362Z",
        "orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
        "shortName": "ABB"
      },
      "references": [
        {
          "url": "https://search.abb.com/library/Download.aspx?DocumentID=7PAA002536\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "Malformed Packet Handling",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
    "assignerShortName": "ABB",
    "cveId": "CVE-2024-0335",
    "datePublished": "2024-04-03T18:53:25.236Z",
    "dateReserved": "2024-01-09T09:25:52.692Z",
    "dateUpdated": "2024-09-19T17:35:29.362Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-50255 (GCVE-0-2023-50255)

Vulnerability from cvelistv5 – Published: 2023-12-27 16:16 – Updated: 2024-08-02 22:16
VLAI
Title
Zip Path Traversal in Deepin-Compressor
Summary
Deepin-Compressor is the default archive manager of Deepin Linux OS. Prior to 5.12.21, there's a path traversal vulnerability in deepin-compressor that can be exploited to achieve Remote Command Execution on the target system upon opening crafted archives. Users are advised to update to version 5.12.21 which addresses the issue. There are no known workarounds for this vulnerability.
CWE
  • CWE-23 - Relative Path Traversal
  • CWE-26 - Path Traversal: '/dir/../filename'
  • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
Impacted products
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T22:16:46.183Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/linuxdeepin/developer-center/security/advisories/GHSA-rw5r-8p9h-3gp2",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/linuxdeepin/developer-center/security/advisories/GHSA-rw5r-8p9h-3gp2"
          },
          {
            "name": "https://github.com/linuxdeepin/deepin-compressor/commit/82f668c78c133873f5094cfab6e4eabc0b70e4b6",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/linuxdeepin/deepin-compressor/commit/82f668c78c133873f5094cfab6e4eabc0b70e4b6"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "developer-center",
          "vendor": "linuxdeepin",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 5.12.21"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Deepin-Compressor is the default archive manager of Deepin Linux OS. Prior to 5.12.21, there\u0027s a path traversal vulnerability in deepin-compressor that can be exploited to achieve Remote Command Execution on the target system upon opening crafted archives. Users are advised to update to version 5.12.21 which addresses the issue. There are no known workarounds for this vulnerability.\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 9.3,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-23",
              "description": "CWE-23: Relative Path Traversal",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-26",
              "description": "CWE-26: Path Traversal: \u0027/dir/../filename\u0027",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-27T16:16:51.459Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/linuxdeepin/developer-center/security/advisories/GHSA-rw5r-8p9h-3gp2",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/linuxdeepin/developer-center/security/advisories/GHSA-rw5r-8p9h-3gp2"
        },
        {
          "name": "https://github.com/linuxdeepin/deepin-compressor/commit/82f668c78c133873f5094cfab6e4eabc0b70e4b6",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/linuxdeepin/deepin-compressor/commit/82f668c78c133873f5094cfab6e4eabc0b70e4b6"
        }
      ],
      "source": {
        "advisory": "GHSA-rw5r-8p9h-3gp2",
        "discovery": "UNKNOWN"
      },
      "title": "Zip Path Traversal in Deepin-Compressor"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2023-50255",
    "datePublished": "2023-12-27T16:16:51.459Z",
    "dateReserved": "2023-12-05T20:42:59.378Z",
    "dateUpdated": "2024-08-02T22:16:46.183Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-49801 (GCVE-0-2023-49801)

Vulnerability from cvelistv5 – Published: 2024-01-12 21:08 – Updated: 2024-11-14 15:36
VLAI
Title
Lif Auth Server vulnerable to uncontrolled data in path expression
Summary
Lif Auth Server is a server for validating logins, managing information, and account recovery for Lif Accounts. The issue relates to the `get_pfp` and `get_banner` routes on Auth Server. The issue is that there is no check to ensure that the file that Auth Server is receiving through these URLs is correct. This could allow an attacker access to files they shouldn't have access to. This issue has been patched in version 1.4.0.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
  • CWE-23 - Relative Path Traversal
Assigner
References
Impacted products
Vendor Product Version
Lif-Platforms Lif-Auth-Server Affected: >= 1.3.2, < 1.4.0
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T22:01:26.273Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/Lif-Platforms/Lif-Auth-Server/security/advisories/GHSA-3v77-pvqq-qg3f",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/Lif-Platforms/Lif-Auth-Server/security/advisories/GHSA-3v77-pvqq-qg3f"
          },
          {
            "name": "https://github.com/Lif-Platforms/Lif-Auth-Server/commit/c235bcc2ee65e4a0dfb10284cf2cbc750213efeb",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/Lif-Platforms/Lif-Auth-Server/commit/c235bcc2ee65e4a0dfb10284cf2cbc750213efeb"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-49801",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-14T15:34:33.686700Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-14T15:36:05.151Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Lif-Auth-Server",
          "vendor": "Lif-Platforms",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 1.3.2, \u003c 1.4.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Lif Auth Server is a server for validating logins, managing information, and account recovery for Lif Accounts. The issue relates to the `get_pfp` and `get_banner` routes on Auth Server. The issue is that there is no check to ensure that the file that Auth Server is receiving through these URLs is correct. This could allow an attacker access to files they shouldn\u0027t have access to. This issue has been patched in version 1.4.0."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-23",
              "description": "CWE-23: Relative Path Traversal",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-12T21:08:06.057Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/Lif-Platforms/Lif-Auth-Server/security/advisories/GHSA-3v77-pvqq-qg3f",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/Lif-Platforms/Lif-Auth-Server/security/advisories/GHSA-3v77-pvqq-qg3f"
        },
        {
          "name": "https://github.com/Lif-Platforms/Lif-Auth-Server/commit/c235bcc2ee65e4a0dfb10284cf2cbc750213efeb",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/Lif-Platforms/Lif-Auth-Server/commit/c235bcc2ee65e4a0dfb10284cf2cbc750213efeb"
        }
      ],
      "source": {
        "advisory": "GHSA-3v77-pvqq-qg3f",
        "discovery": "UNKNOWN"
      },
      "title": "Lif Auth Server vulnerable to uncontrolled data in path expression "
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2023-49801",
    "datePublished": "2024-01-12T21:08:06.057Z",
    "dateReserved": "2023-11-30T13:39:50.864Z",
    "dateUpdated": "2024-11-14T15:36:05.151Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-47613 (GCVE-0-2023-47613)

Vulnerability from cvelistv5 – Published: 2023-11-09 06:32 – Updated: 2024-09-03 19:34
VLAI
Summary
A CWE-23: Relative Path Traversal vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow a local, low privileged attacker to escape from virtual directories and get read/write access to protected files on the targeted system.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-23 - Relative Path Traversal
Assigner
References
Credits
Alexander Kozlov from Kaspersky Sergey Anufrienko from Kaspersky
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T21:09:37.374Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "KLCERT-22-211: Telit Cinterion (Thales/Gemalto) modules. Relative Path Traversal",
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "https://ics-cert.kaspersky.com/advisories/2023/11/08/klcert-22-211-telit-cinterion-thales-gemalto-modules-relative-path-traversal/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-47613",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-03T19:34:10.939702Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-03T19:34:58.071Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "BGS5",
          "vendor": "Telit Cinterion"
        },
        {
          "defaultStatus": "affected",
          "product": "EHS5",
          "vendor": "Telit Cinterion"
        },
        {
          "defaultStatus": "affected",
          "product": "EHS6",
          "vendor": "Telit Cinterion"
        },
        {
          "defaultStatus": "affected",
          "product": "EHS8",
          "vendor": "Telit Cinterion"
        },
        {
          "defaultStatus": "affected",
          "product": "PDS5",
          "vendor": "Telit Cinterion"
        },
        {
          "defaultStatus": "affected",
          "product": "PDS6",
          "vendor": "Telit Cinterion"
        },
        {
          "defaultStatus": "affected",
          "product": "PDS8",
          "vendor": "Telit Cinterion"
        },
        {
          "defaultStatus": "affected",
          "product": "ELS61",
          "vendor": "Telit Cinterion"
        },
        {
          "defaultStatus": "affected",
          "product": "ELS81",
          "vendor": "Telit Cinterion"
        },
        {
          "defaultStatus": "affected",
          "product": "PLS62",
          "vendor": "Telit Cinterion"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Alexander Kozlov from Kaspersky"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Sergey Anufrienko from Kaspersky"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A CWE-23: Relative Path Traversal vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow a local, low privileged attacker to escape from virtual directories and get read/write access to protected files on the targeted system."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-23",
              "description": "CWE-23: Relative Path Traversal",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-11-09T17:14:03.577Z",
        "orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
        "shortName": "Kaspersky"
      },
      "references": [
        {
          "name": "KLCERT-22-211: Telit Cinterion (Thales/Gemalto) modules. Relative Path Traversal",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://ics-cert.kaspersky.com/advisories/2023/11/08/klcert-22-211-telit-cinterion-thales-gemalto-modules-relative-path-traversal/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2023-02-21T12:45:00.000Z",
          "value": "Issue discovered by Kaspersky ICS CERT"
        },
        {
          "lang": "en",
          "time": "2023-04-27T15:56:00.000Z",
          "value": "Confirmed by Telit Cinterion"
        }
      ],
      "workarounds": [
        {
          "lang": "en",
          "value": "Enforce application signature verification to prohibit the installation of untrusted MIDlets on the device."
        },
        {
          "lang": "en",
          "value": "Control physical access to the device at all stages of transportation to protect against the embedding of backdoors."
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
    "assignerShortName": "Kaspersky",
    "cveId": "CVE-2023-47613",
    "datePublished": "2023-11-09T06:32:08.024Z",
    "dateReserved": "2023-11-07T10:06:48.689Z",
    "dateUpdated": "2024-09-03T19:34:58.071Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-46119 (GCVE-0-2023-46119)

Vulnerability from cvelistv5 – Published: 2023-10-25 00:03 – Updated: 2024-09-10 15:56
VLAI
Title
Parse Server may crash when uploading file without extension
Summary
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Parse Server crashes when uploading a file without extension. This vulnerability has been patched in versions 5.5.6 and 6.3.1.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-23 - Relative Path Traversal
Assigner
Impacted products
Vendor Product Version
parse-community parse-server Affected: >= 1.0.0, < 5.5.6
Affected: >= 6.0.0, < 6.3.1
Create a notification for this product.
parse_community parse_server Affected: 1.0.0 , < 5.5.6 (custom)
    cpe:2.3:a:parse_community:parse_server:*:*:*:*:*:*:*:*
Create a notification for this product.
parse_community parse_server Affected: 6.0.0 , < 6.3.1 (custom)
    cpe:2.3:a:parse_community:parse_server:*:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T20:37:39.340Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/parse-community/parse-server/security/advisories/GHSA-792q-q67h-w579",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/parse-community/parse-server/security/advisories/GHSA-792q-q67h-w579"
          },
          {
            "name": "https://github.com/parse-community/parse-server/commit/686a9f282dc23c31beab3d93e6d21ccd0e1328fe",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/parse-community/parse-server/commit/686a9f282dc23c31beab3d93e6d21ccd0e1328fe"
          },
          {
            "name": "https://github.com/parse-community/parse-server/commit/fd86278919556d3682e7e2c856dfccd5beffbfc0",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/parse-community/parse-server/commit/fd86278919556d3682e7e2c856dfccd5beffbfc0"
          },
          {
            "name": "https://github.com/parse-community/parse-server/releases/tag/5.5.6",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/parse-community/parse-server/releases/tag/5.5.6"
          },
          {
            "name": "https://github.com/parse-community/parse-server/releases/tag/6.3.1",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/parse-community/parse-server/releases/tag/6.3.1"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:parse_community:parse_server:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "parse_server",
            "vendor": "parse_community",
            "versions": [
              {
                "lessThan": "5.5.6",
                "status": "affected",
                "version": "1.0.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:parse_community:parse_server:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "parse_server",
            "vendor": "parse_community",
            "versions": [
              {
                "lessThan": "6.3.1",
                "status": "affected",
                "version": "6.0.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-46119",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T15:28:20.838525Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-10T15:56:13.252Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "parse-server",
          "vendor": "parse-community",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 1.0.0, \u003c 5.5.6"
            },
            {
              "status": "affected",
              "version": "\u003e= 6.0.0, \u003c 6.3.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Parse Server crashes when uploading a file without extension. This vulnerability has been patched in versions 5.5.6 and 6.3.1.\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-23",
              "description": "CWE-23: Relative Path Traversal",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-25T00:03:55.774Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/parse-community/parse-server/security/advisories/GHSA-792q-q67h-w579",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/parse-community/parse-server/security/advisories/GHSA-792q-q67h-w579"
        },
        {
          "name": "https://github.com/parse-community/parse-server/commit/686a9f282dc23c31beab3d93e6d21ccd0e1328fe",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/parse-community/parse-server/commit/686a9f282dc23c31beab3d93e6d21ccd0e1328fe"
        },
        {
          "name": "https://github.com/parse-community/parse-server/commit/fd86278919556d3682e7e2c856dfccd5beffbfc0",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/parse-community/parse-server/commit/fd86278919556d3682e7e2c856dfccd5beffbfc0"
        },
        {
          "name": "https://github.com/parse-community/parse-server/releases/tag/5.5.6",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/parse-community/parse-server/releases/tag/5.5.6"
        },
        {
          "name": "https://github.com/parse-community/parse-server/releases/tag/6.3.1",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/parse-community/parse-server/releases/tag/6.3.1"
        }
      ],
      "source": {
        "advisory": "GHSA-792q-q67h-w579",
        "discovery": "UNKNOWN"
      },
      "title": "Parse Server may crash when uploading file without extension"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2023-46119",
    "datePublished": "2023-10-25T00:03:55.774Z",
    "dateReserved": "2023-10-16T17:51:35.571Z",
    "dateUpdated": "2024-09-10T15:56:13.252Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-42791 (GCVE-0-2023-42791)

Vulnerability from cvelistv5 – Published: 2024-02-20 13:19 – Updated: 2024-08-02 19:30
VLAI
Summary
A relative path traversal in Fortinet FortiManager version 7.4.0 and 7.2.0 through 7.2.3 and 7.0.0 through 7.0.8 and 6.4.0 through 6.4.12 and 6.2.0 through 6.2.11 allows attacker to execute unauthorized code or commands via crafted HTTP requests.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-23 - Execute unauthorized code or commands
Assigner
References
Impacted products
Vendor Product Version
Fortinet FortiManager Affected: 7.4.0
Affected: 7.2.0 , ≤ 7.2.3 (semver)
Affected: 7.0.0 , ≤ 7.0.8 (semver)
Affected: 6.4.0 , ≤ 6.4.12 (semver)
Affected: 6.2.0 , ≤ 6.2.11 (semver)
Create a notification for this product.
Fortinet FortiAnalyzer Affected: 7.4.0
Affected: 7.2.0 , ≤ 7.2.3 (semver)
Affected: 7.0.0 , ≤ 7.0.8 (semver)
Affected: 6.4.0 , ≤ 6.4.12 (semver)
Affected: 6.2.0 , ≤ 6.2.11 (semver)
Create a notification for this product.
fortinet fortianalyzer Affected: 6.2.0 , ≤ 6.2.11 (semver)
Affected: 6.4.0 , ≤ 6.4.12 (semver)
Affected: 7.0.0 , ≤ 7.0.8 (semver)
Affected: 7.2.0 , ≤ 7.2.3 (semver)
Affected: 7.4.0 , < 7.4.1 (semver)
    cpe:2.3:a:fortinet:fortianalyzer:6.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortianalyzer:6.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortianalyzer:7.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortianalyzer:7.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortianalyzer:7.4.0:*:*:*:*:*:*:*
Create a notification for this product.
fortinet fortimanager Affected: 6.2.0 , ≤ 6.2.11 (semver)
Affected: 6.4.0 , ≤ 6.4.12 (semver)
Affected: 7.0.0 , ≤ 7.0.8 (semver)
Affected: 7.2.0 , ≤ 7.2.3 (semver)
Affected: 7.4.0 , < 7.4.1 (semver)
    cpe:2.3:a:fortinet:fortimanager:6.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimanager:6.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:fortinet:fortianalyzer:6.2.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:fortinet:fortianalyzer:6.4.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:fortinet:fortianalyzer:7.0.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:fortinet:fortianalyzer:7.2.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:fortinet:fortianalyzer:7.4.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "fortianalyzer",
            "vendor": "fortinet",
            "versions": [
              {
                "lessThanOrEqual": "6.2.11",
                "status": "affected",
                "version": "6.2.0",
                "versionType": "semver"
              },
              {
                "lessThanOrEqual": "6.4.12",
                "status": "affected",
                "version": "6.4.0",
                "versionType": "semver"
              },
              {
                "lessThanOrEqual": "7.0.8",
                "status": "affected",
                "version": "7.0.0",
                "versionType": "semver"
              },
              {
                "lessThanOrEqual": "7.2.3",
                "status": "affected",
                "version": "7.2.0",
                "versionType": "semver"
              },
              {
                "lessThan": "7.4.1",
                "status": "affected",
                "version": "7.4.0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:fortinet:fortimanager:6.2.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:fortinet:fortimanager:6.4.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "fortimanager",
            "vendor": "fortinet",
            "versions": [
              {
                "lessThanOrEqual": "6.2.11",
                "status": "affected",
                "version": "6.2.0",
                "versionType": "semver"
              },
              {
                "lessThanOrEqual": "6.4.12",
                "status": "affected",
                "version": "6.4.0",
                "versionType": "semver"
              },
              {
                "lessThanOrEqual": "7.0.8",
                "status": "affected",
                "version": "7.0.0",
                "versionType": "semver"
              },
              {
                "lessThanOrEqual": "7.2.3",
                "status": "affected",
                "version": "7.2.0",
                "versionType": "semver"
              },
              {
                "lessThan": "7.4.1",
                "status": "affected",
                "version": "7.4.0",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-42791",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-09T17:13:32.925996Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-09T17:18:19.959Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T19:30:24.297Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://fortiguard.com/psirt/FG-IR-23-189",
            "tags": [
              "x_transferred"
            ],
            "url": "https://fortiguard.com/psirt/FG-IR-23-189"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "FortiManager",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "7.4.0"
            },
            {
              "lessThanOrEqual": "7.2.3",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.8",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.12",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.11",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FortiAnalyzer",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "7.4.0"
            },
            {
              "lessThanOrEqual": "7.2.3",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.8",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.12",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.11",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A relative path traversal in Fortinet FortiManager version 7.4.0 and 7.2.0 through 7.2.3 and 7.0.0 through 7.0.8 and 6.4.0 through 6.4.12 and 6.2.0 through 6.2.11 allows attacker to execute unauthorized code or commands via crafted HTTP requests."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:X",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-23",
              "description": "Execute unauthorized code or commands",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-02-20T13:19:20.221Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.com/psirt/FG-IR-23-189",
          "url": "https://fortiguard.com/psirt/FG-IR-23-189"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiAnalyzer-BigData version 7.2.6 or above \nPlease upgrade to FortiAnalyzer-BigData version 7.0.7 or above \nPlease upgrade to FortiAnalyzer-BigData version 6.4.8 or above \nPlease upgrade to FortiAnalyzer-BigData version 6.2.6 or above \nPlease upgrade to FortiManager version 7.4.1 or above \nPlease upgrade to FortiManager version 7.2.4 or above \nPlease upgrade to FortiManager version 7.0.9 or above \nPlease upgrade to FortiManager version 6.4.13 or above \nPlease upgrade to FortiManager version 6.2.12 or above \nPlease upgrade to FortiAnalyzer version 7.4.1 or above \nPlease upgrade to FortiAnalyzer version 7.2.4 or above \nPlease upgrade to FortiAnalyzer version 7.0.9 or above \nPlease upgrade to FortiAnalyzer version 6.4.13 or above \nPlease upgrade to FortiAnalyzer version 6.2.12 or above \n"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2023-42791",
    "datePublished": "2024-02-20T13:19:20.221Z",
    "dateReserved": "2023-09-14T08:37:38.657Z",
    "dateUpdated": "2024-08-02T19:30:24.297Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-42783 (GCVE-0-2023-42783)

Vulnerability from cvelistv5 – Published: 2023-11-14 18:04 – Updated: 2024-08-30 18:27
VLAI
Summary
A relative path traversal in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 and 8.4.2 through 8.4.0 and 8.3.2 through 8.3.0 and 8.2.2 allows attacker to read arbitrary files via crafted http requests.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-23 - Information disclosure
Assigner
References
Impacted products
Vendor Product Version
Fortinet FortiWLM Affected: 8.6.0 , ≤ 8.6.6 (semver)
Affected: 8.5.0 , ≤ 8.5.4 (semver)
Affected: 8.4.0 , ≤ 8.4.2 (semver)
Affected: 8.3.0 , ≤ 8.3.2 (semver)
Affected: 8.2.2
Create a notification for this product.
fortinet fortiwlm Affected: 8.2.2
Affected: 8.3.0 , ≤ 8.3.2 (semver)
Affected: 8.4.0 , ≤ 8.4.2 (semver)
Affected: 8.5.0 , ≤ 8.5.4 (semver)
Affected: 8.6.0 , ≤ 8.6.6 (semver)
    cpe:2.3:a:fortinet:fortiwlm:*:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T19:30:24.337Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://fortiguard.com/psirt/FG-IR-23-143",
            "tags": [
              "x_transferred"
            ],
            "url": "https://fortiguard.com/psirt/FG-IR-23-143"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:fortinet:fortiwlm:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "fortiwlm",
            "vendor": "fortinet",
            "versions": [
              {
                "status": "affected",
                "version": "8.2.2"
              },
              {
                "lessThanOrEqual": "8.3.2",
                "status": "affected",
                "version": "8.3.0",
                "versionType": "semver"
              },
              {
                "lessThanOrEqual": "8.4.2",
                "status": "affected",
                "version": "8.4.0",
                "versionType": "semver"
              },
              {
                "lessThanOrEqual": "8.5.4",
                "status": "affected",
                "version": "8.5.0",
                "versionType": "semver"
              },
              {
                "lessThanOrEqual": "8.6.6",
                "status": "affected",
                "version": "8.6.0",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-42783",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-30T18:22:55.290862Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-30T18:27:39.061Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "FortiWLM",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "8.6.6",
              "status": "affected",
              "version": "8.6.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.5.4",
              "status": "affected",
              "version": "8.5.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.4.2",
              "status": "affected",
              "version": "8.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.3.2",
              "status": "affected",
              "version": "8.3.0",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "8.2.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A relative path traversal in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 and 8.4.2 through 8.4.0 and 8.3.2 through 8.3.0 and 8.2.2 allows attacker to read arbitrary files via crafted http requests."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:F/RL:X/RC:X",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-23",
              "description": "Information disclosure",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-11-14T18:04:50.699Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.com/psirt/FG-IR-23-143",
          "url": "https://fortiguard.com/psirt/FG-IR-23-143"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiWLM version 8.6.6 or above \nPlease upgrade to FortiWLM version 8.5.5 or above \n"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2023-42783",
    "datePublished": "2023-11-14T18:04:50.699Z",
    "dateReserved": "2023-09-14T08:37:38.656Z",
    "dateUpdated": "2024-08-30T18:27:39.061Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Mitigation MIT-5.1
Implementation

Strategy: Input Validation

  • Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
  • When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
  • Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
  • When validating filenames, use stringent allowlists that limit the character set to be used. If feasible, only allow a single "." character in the filename to avoid weaknesses such as CWE-23, and exclude directory separators such as "/" to avoid CWE-36. Use a list of allowable file extensions, which will help to avoid CWE-434.
  • Do not rely exclusively on a filtering mechanism that removes potentially dangerous characters. This is equivalent to a denylist, which may be incomplete (CWE-184). For example, filtering "/" is insufficient protection if the filesystem also supports the use of "\" as a directory separator. Another possible error could occur when the filtering is applied in a way that still produces dangerous data (CWE-182). For example, if "../" sequences are removed from the ".../...//" string in a sequential fashion, two instances of "../" would be removed from the original string, but the remaining characters would still form the "../" string.
Mitigation MIT-20.1
Implementation

Strategy: Input Validation

  • Inputs should be decoded and canonicalized to the application's current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked.
  • Use a built-in path canonicalization function (such as realpath() in C) that produces the canonical version of the pathname, which effectively removes ".." sequences and symbolic links (CWE-23, CWE-59). This includes:
  • realpath() in C
  • getCanonicalPath() in Java
  • GetFullPath() in ASP.NET
  • realpath() or abs_path() in Perl
  • realpath() in PHP
Mitigation MIT-29
Operation

Strategy: Firewall

Use an application firewall that can detect attacks against this weakness. It can be beneficial in cases in which the code cannot be fixed (because it is controlled by a third party), as an emergency prevention measure while more comprehensive software assurance measures are applied, or to provide defense in depth [REF-1481].

CAPEC-139: Relative Path Traversal

An attacker exploits a weakness in input validation on the target by supplying a specially constructed path utilizing dot and slash characters for the purpose of obtaining access to arbitrary files or resources. An attacker modifies a known path on the target in order to reach material that is not available through intended channels. These attacks normally involve adding additional path separators (/ or \) and/or dots (.), or encodings thereof, in various combinations in order to reach parent directories or entirely separate trees of the target's directory structure.

CAPEC-76: Manipulating Web Input to File System Calls

An attacker manipulates inputs to the target software which the target software passes to file system calls in the OS. The goal is to gain access to, and perhaps modify, areas of the file system that the target software did not intend to be accessible.