CWE-23
AllowedRelative Path Traversal
Abstraction: Base · Status: Draft
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory.
779 vulnerabilities reference this CWE, most recent first.
CVE-2018-18990 (GCVE-0-2018-18990)
Vulnerability from cvelistv5 – Published: 2019-02-05 18:00 – Updated: 2024-09-17 01:21- CWE-23 - RELATIVE PATH TRAVERSAL CWE-23
| URL | Tags |
|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01 | x_refsource_MISC |
| http://www.securityfocus.com/bid/106634 | vdb-entryx_refsource_BID |
| Vendor | Product | Version | |
|---|---|---|---|
| ICS-CERT | LCDS Laquis SCADA |
Affected:
All versions prior to version 4.1.0.4150
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:23:08.494Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01"
},
{
"name": "106634",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106634"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "LCDS Laquis SCADA",
"vendor": "ICS-CERT",
"versions": [
{
"status": "affected",
"version": "All versions prior to version 4.1.0.4150"
}
]
}
],
"datePublic": "2019-01-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "LCDS Laquis SCADA prior to version 4.1.0.4150 allows a user-supplied path in file operations prior to proper validation. An attacker can leverage this vulnerability to disclose sensitive information under the context of the web server process."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "RELATIVE PATH TRAVERSAL CWE-23",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-02-06T10:57:02.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01"
},
{
"name": "106634",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106634"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2019-01-15T00:00:00",
"ID": "CVE-2018-18990",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "LCDS Laquis SCADA",
"version": {
"version_data": [
{
"version_value": "All versions prior to version 4.1.0.4150"
}
]
}
}
]
},
"vendor_name": "ICS-CERT"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LCDS Laquis SCADA prior to version 4.1.0.4150 allows a user-supplied path in file operations prior to proper validation. An attacker can leverage this vulnerability to disclose sensitive information under the context of the web server process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "RELATIVE PATH TRAVERSAL CWE-23"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01"
},
{
"name": "106634",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106634"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-18990",
"datePublished": "2019-02-05T18:00:00.000Z",
"dateReserved": "2018-11-06T00:00:00.000Z",
"dateUpdated": "2024-09-17T01:21:51.337Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-14795 (GCVE-0-2018-14795)
Vulnerability from cvelistv5 – Published: 2018-08-21 14:00 – Updated: 2024-09-16 20:26- CWE-23 - RELATIVE PATH TRAVERSAL CWE-23
| URL | Tags |
|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSA-18-228-01 | x_refsource_MISC |
| http://www.securityfocus.com/bid/105105 | vdb-entryx_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:38:13.958Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-228-01"
},
{
"name": "105105",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105105"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "DeltaV",
"vendor": "ICS-CERT",
"versions": [
{
"status": "affected",
"version": "Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5"
}
]
}
],
"datePublic": "2018-08-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "DeltaV Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5 is vulnerable due to improper path validation which may allow an attacker to replace executable files."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "RELATIVE PATH TRAVERSAL CWE-23",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-22T09:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-228-01"
},
{
"name": "105105",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105105"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-08-16T00:00:00",
"ID": "CVE-2018-14795",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DeltaV",
"version": {
"version_data": [
{
"version_value": "Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5"
}
]
}
}
]
},
"vendor_name": "ICS-CERT"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "DeltaV Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5 is vulnerable due to improper path validation which may allow an attacker to replace executable files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "RELATIVE PATH TRAVERSAL CWE-23"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-228-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-228-01"
},
{
"name": "105105",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105105"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-14795",
"datePublished": "2018-08-21T14:00:00.000Z",
"dateReserved": "2018-08-01T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:26:38.250Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-13299 (GCVE-0-2018-13299)
Vulnerability from cvelistv5 – Published: 2019-04-01 14:31 – Updated: 2024-09-16 19:24- CWE-23 - Relative Path Traversal (CWE-23)
| URL | Tags |
|---|---|
| https://www.synology.com/security/advisory/Synolo… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:00:34.574Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_18_54"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Calendar",
"vendor": "Synology",
"versions": [
{
"lessThan": "2.2.2-0532",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2019-03-31T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Relative path traversal vulnerability in Attachment Uploader in Synology Calendar before 2.2.2-0532 allows remote authenticated users to upload arbitrary files via the filename parameter."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "Relative Path Traversal (CWE-23)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-01T14:31:19.000Z",
"orgId": "db201096-a0cc-46c7-9a55-61d9e221bf01",
"shortName": "synology"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_18_54"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@synology.com",
"DATE_PUBLIC": "2019-03-31T00:00:00",
"ID": "CVE-2018-13299",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Calendar",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "2.2.2-0532"
}
]
}
}
]
},
"vendor_name": "Synology"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Relative path traversal vulnerability in Attachment Uploader in Synology Calendar before 2.2.2-0532 allows remote authenticated users to upload arbitrary files via the filename parameter."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Relative Path Traversal (CWE-23)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.synology.com/security/advisory/Synology_SA_18_54",
"refsource": "CONFIRM",
"url": "https://www.synology.com/security/advisory/Synology_SA_18_54"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "db201096-a0cc-46c7-9a55-61d9e221bf01",
"assignerShortName": "synology",
"cveId": "CVE-2018-13299",
"datePublished": "2019-04-01T14:31:19.573Z",
"dateReserved": "2018-07-05T00:00:00.000Z",
"dateUpdated": "2024-09-16T19:24:24.014Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-12476 (GCVE-0-2018-12476)
Vulnerability from cvelistv5 – Published: 2020-01-27 08:30 – Updated: 2024-09-16 20:52- CWE-23 - Relative Path Traversal
| URL | Tags |
|---|---|
| https://bugzilla.suse.com/show_bug.cgi?id=1107944 | x_refsource_CONFIRM |
| Vendor | Product | Version | |
|---|---|---|---|
| SUSE | SUSE Linux Enterprise Server 15 |
Affected:
obs-service-tar_scm , < 0.9.2.1537788075.fefaa74:
(custom)
|
|
| openSUSE | Factory |
Affected:
obs-service-tar_scm , < 0.9.2.1537788075.fefaa74
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:38:06.188Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1107944"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SUSE Linux Enterprise Server 15",
"vendor": "SUSE",
"versions": [
{
"lessThan": "0.9.2.1537788075.fefaa74:",
"status": "affected",
"version": "obs-service-tar_scm",
"versionType": "custom"
}
]
},
{
"product": "Factory",
"vendor": "openSUSE",
"versions": [
{
"lessThan": "0.9.2.1537788075.fefaa74",
"status": "affected",
"version": "obs-service-tar_scm",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Matthias Gerstner of SUSE"
}
],
"datePublic": "2020-01-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Relative Path Traversal vulnerability in obs-service-tar_scm of SUSE Linux Enterprise Server 15; openSUSE Factory allows remote attackers with control over a repository to overwrite files on the machine of the local user if a malicious service is executed. This issue affects: SUSE Linux Enterprise Server 15 obs-service-tar_scm versions prior to 0.9.2.1537788075.fefaa74:. openSUSE Factory obs-service-tar_scm versions prior to 0.9.2.1537788075.fefaa74."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23: Relative Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:38.000Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1107944"
}
],
"source": {
"advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1107944",
"defect": [
"1107944"
],
"discovery": "INTERNAL"
},
"title": "obs-service-extract_file\u0027s outfilename parameter allows to write files outside of package directory",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2020-01-27T00:00:00.000Z",
"ID": "CVE-2018-12476",
"STATE": "PUBLIC",
"TITLE": "obs-service-extract_file\u0027s outfilename parameter allows to write files outside of package directory"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SUSE Linux Enterprise Server 15",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "obs-service-tar_scm",
"version_value": "0.9.2.1537788075.fefaa74:"
}
]
}
}
]
},
"vendor_name": "SUSE"
},
{
"product": {
"product_data": [
{
"product_name": "Factory",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "obs-service-tar_scm",
"version_value": "0.9.2.1537788075.fefaa74"
}
]
}
}
]
},
"vendor_name": "openSUSE"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Matthias Gerstner of SUSE"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Relative Path Traversal vulnerability in obs-service-tar_scm of SUSE Linux Enterprise Server 15; openSUSE Factory allows remote attackers with control over a repository to overwrite files on the machine of the local user if a malicious service is executed. This issue affects: SUSE Linux Enterprise Server 15 obs-service-tar_scm versions prior to 0.9.2.1537788075.fefaa74:. openSUSE Factory obs-service-tar_scm versions prior to 0.9.2.1537788075.fefaa74."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-23: Relative Path Traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1107944",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1107944"
}
]
},
"source": {
"advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1107944",
"defect": [
"1107944"
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2018-12476",
"datePublished": "2020-01-27T08:30:14.943Z",
"dateReserved": "2018-06-15T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:52:13.615Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-12473 (GCVE-0-2018-12473)
Vulnerability from cvelistv5 – Published: 2018-10-02 15:00 – Updated: 2024-09-16 23:21- CWE-23 - path traversal
| URL | Tags |
|---|---|
| https://bugzilla.suse.com/show_bug.cgi?id=1105361 | x_refsource_CONFIRM |
| https://github.com/openSUSE/obs-service-tar_scm/p… | x_refsource_CONFIRM |
| Vendor | Product | Version | |
|---|---|---|---|
| openSUSE | Open Build Service |
Affected:
unspecified , < 70d1aa4cc4d7b940180553a63805c22fc62e2cf0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:38:05.701Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1105361"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/openSUSE/obs-service-tar_scm/pull/248"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Open Build Service",
"vendor": "openSUSE",
"versions": [
{
"lessThan": "70d1aa4cc4d7b940180553a63805c22fc62e2cf0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Ludwig Nussel of SUSE"
}
],
"datePublic": "2018-09-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A path traversal traversal vulnerability in obs-service-tar_scm of Open Build Service allows remote attackers to cause access files not in the current build. On the server itself this is prevented by confining the worker via KVM. Affected releases are openSUSE Open Build Service: versions prior to 70d1aa4cc4d7b940180553a63805c22fc62e2cf0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23, path traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:32.000Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1105361"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/openSUSE/obs-service-tar_scm/pull/248"
}
],
"source": {
"advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1105361",
"defect": [
"https://bugzilla.suse.com/show_bug.cgi?id=1105361"
],
"discovery": "INTERNAL"
},
"title": "path traversal in obs-service-tar_scm",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2018-09-26T00:00:00.000Z",
"ID": "CVE-2018-12473",
"STATE": "PUBLIC",
"TITLE": "path traversal in obs-service-tar_scm"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Open Build Service",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "70d1aa4cc4d7b940180553a63805c22fc62e2cf0"
}
]
}
}
]
},
"vendor_name": "openSUSE"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Ludwig Nussel of SUSE"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A path traversal traversal vulnerability in obs-service-tar_scm of Open Build Service allows remote attackers to cause access files not in the current build. On the server itself this is prevented by confining the worker via KVM. Affected releases are openSUSE Open Build Service: versions prior to 70d1aa4cc4d7b940180553a63805c22fc62e2cf0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-23, path traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1105361",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1105361"
},
{
"name": "https://github.com/openSUSE/obs-service-tar_scm/pull/248",
"refsource": "CONFIRM",
"url": "https://github.com/openSUSE/obs-service-tar_scm/pull/248"
}
]
},
"source": {
"advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1105361",
"defect": [
"https://bugzilla.suse.com/show_bug.cgi?id=1105361"
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2018-12473",
"datePublished": "2018-10-02T15:00:00.000Z",
"dateReserved": "2018-06-15T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:21:29.602Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-10615 (GCVE-0-2018-10615)
Vulnerability from cvelistv5 – Published: 2018-06-04 14:00 – Updated: 2024-09-16 23:51- CWE-23 - Relative path traversal CWE-23
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/104377 | vdb-entryx_refsource_BID |
| http://www.gegridsolutions.com/app/DownloadFile.a… | x_refsource_CONFIRM |
| https://ics-cert.us-cert.gov/advisories/ICSA-18-151-02 | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| GE | MDS PulseNET and MDS PulseNET Enterprise |
Affected:
Version 3.2.1 and prior
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:46:46.021Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "104377",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104377"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.gegridsolutions.com/app/DownloadFile.aspx?prod=pulsenet\u0026type=9\u0026file=1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "MDS PulseNET and MDS PulseNET Enterprise",
"vendor": "GE",
"versions": [
{
"status": "affected",
"version": "Version 3.2.1 and prior"
}
]
}
],
"datePublic": "2018-05-31T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal may lead to files being exfiltrated or deleted on the GE MDS PulseNET and MDS PulseNET Enterprise version 3.2.1 and prior host platform."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "Relative path traversal CWE-23",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-05T09:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "104377",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104377"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.gegridsolutions.com/app/DownloadFile.aspx?prod=pulsenet\u0026type=9\u0026file=1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-05-31T00:00:00",
"ID": "CVE-2018-10615",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MDS PulseNET and MDS PulseNET Enterprise",
"version": {
"version_data": [
{
"version_value": "Version 3.2.1 and prior"
}
]
}
}
]
},
"vendor_name": "GE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal may lead to files being exfiltrated or deleted on the GE MDS PulseNET and MDS PulseNET Enterprise version 3.2.1 and prior host platform."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Relative path traversal CWE-23"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104377",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104377"
},
{
"name": "http://www.gegridsolutions.com/app/DownloadFile.aspx?prod=pulsenet\u0026type=9\u0026file=1",
"refsource": "CONFIRM",
"url": "http://www.gegridsolutions.com/app/DownloadFile.aspx?prod=pulsenet\u0026type=9\u0026file=1"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-10615",
"datePublished": "2018-06-04T14:00:00.000Z",
"dateReserved": "2018-05-01T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:51:13.413Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-5448 (GCVE-0-2018-5448)
Vulnerability from cvelistv5 – Published: 2018-05-04 18:00 – Updated: 2025-05-22 17:43| URL | Tags |
|---|---|
| https://global.medtronic.com/xg-en/product-securi… | |
| https://www.cisa.gov/news-events/ics-medical-advi… | |
| https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-01 | x_refsource_MISCx_transferred |
| Vendor | Product | Version | |
|---|---|---|---|
| Medtronic | 2090 CareLink Programmer |
Affected:
All versions
|
|
| Medtronic | 29901 Encore Programmer |
Affected:
All versions
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:33:44.392Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "2090 CareLink Programmer",
"vendor": "Medtronic",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "29901 Encore Programmer",
"vendor": "Medtronic",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Billy Rios and Jonathan Butts of Whitescope LLC identified these vulnerabilities and reported them to CISA."
}
],
"datePublic": "2018-06-29T06:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eMedtronic 2090 CareLink Programmer\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u2019s software deployment network contains a directory traversal vulnerability that could allow an attacker to read files on the system. \u003c/span\u003e\n\n\n\n\u003c/p\u003e"
}
],
"value": "Medtronic 2090 CareLink Programmer\u2019s software deployment network contains a directory traversal vulnerability that could allow an attacker to read files on the system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-22T17:43:06.800Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://global.medtronic.com/xg-en/product-security/security-bulletins/carelink-2090-29901.html"
},
{
"url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-18-058-01"
}
],
"source": {
"advisory": "ICSMA-18-058-01",
"discovery": "EXTERNAL"
},
"title": "Medtronic 2090 Carelink Programmer Relative Path Traversal",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eMedtronic has assessed the vulnerabilities and determined that no new potential safety risks were identified. In order to enhance system security, Medtronic has added periodic integrity checks for files associated with the software deployment network. Additionally, Medtronic has developed server-side security changes that further enhance security. Medtronic reports that they will not be issuing a product update; however, Medtronic has identified compensating controls within this advisory to reduce the risk of exploitation and reiterates the following from the CareLink 2090 Programmer Reference Manual:\u003c/p\u003e\u003cul\u003e\u003cli\u003eMaintain good physical controls over the programmer. Having a secure physical environment prevents access to the internals of the programmer.\u003c/li\u003e\u003cli\u003eOnly connect the programmer to managed, secure networks.\u003c/li\u003e\u003cli\u003eUpdate the software on the programmer when Medtronic updates are available.\u003c/li\u003e\u003cli\u003eAlternatively, disconnect the programmer from the network. Network connectivity is not required for normal programmer operation. \u003c/li\u003e\u003cli\u003eOffline updates are available, contact your Medtronic representative for more information.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eMedtronic has deployed mitigating patches to address the reported vulnerabilities. Medtronic has also stated that they have increased security controls associated with these vulnerabilities. As a result of the available mitigating patches, Medtronic has re-enabled the network-based software update mechanism.\u003c/p\u003e\u003cp\u003eMedtronic has stated that the patch for affected products can be obtained by contacting Medtronic Technical Services at 800\u2011638\u20111991.\u003cbr\u003e\u003c/p\u003e\u003cp\u003eAfter additional review and risk evaluation of the affected products, Medtronic has disabled the network-based software update mechanism, including both the VPN and the HTTP subservices, as an immediate security mitigation. Users should not attempt to update the affected products over the network as this update mechanism is vulnerable to the attack described in section 4.2.3. Medtronic will continue to implement and deploy increased security protections and mitigations to address the vulnerabilities in this advisory.\u003c/p\u003e\u003cp\u003eUsers should still obtain and apply updates via controlled USB dongles and should contact their Medtronic representative for more information.\u003c/p\u003e\u003cp\u003eMedtronic recommends that affected products continue to be used for their intended purpose in the previously described manner.\u003cbr\u003e\u003cbr\u003eMedtronic has released a security bulletin for the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.medtronic.com/security\"\u003e2090 CareLink Programmer\u003c/a\u003e.\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "Medtronic has assessed the vulnerabilities and determined that no new potential safety risks were identified. In order to enhance system security, Medtronic has added periodic integrity checks for files associated with the software deployment network. Additionally, Medtronic has developed server-side security changes that further enhance security. Medtronic reports that they will not be issuing a product update; however, Medtronic has identified compensating controls within this advisory to reduce the risk of exploitation and reiterates the following from the CareLink 2090 Programmer Reference Manual:\n\n * Maintain good physical controls over the programmer. Having a secure physical environment prevents access to the internals of the programmer.\n * Only connect the programmer to managed, secure networks.\n * Update the software on the programmer when Medtronic updates are available.\n * Alternatively, disconnect the programmer from the network. Network connectivity is not required for normal programmer operation. \n * Offline updates are available, contact your Medtronic representative for more information.\n\n\nMedtronic has deployed mitigating patches to address the reported vulnerabilities. Medtronic has also stated that they have increased security controls associated with these vulnerabilities. As a result of the available mitigating patches, Medtronic has re-enabled the network-based software update mechanism.\n\nMedtronic has stated that the patch for affected products can be obtained by contacting Medtronic Technical Services at 800\u2011638\u20111991.\n\n\nAfter additional review and risk evaluation of the affected products, Medtronic has disabled the network-based software update mechanism, including both the VPN and the HTTP subservices, as an immediate security mitigation. Users should not attempt to update the affected products over the network as this update mechanism is vulnerable to the attack described in section 4.2.3. Medtronic will continue to implement and deploy increased security protections and mitigations to address the vulnerabilities in this advisory.\n\nUsers should still obtain and apply updates via controlled USB dongles and should contact their Medtronic representative for more information.\n\nMedtronic recommends that affected products continue to be used for their intended purpose in the previously described manner.\n\nMedtronic has released a security bulletin for the 2090 CareLink Programmer https://www.medtronic.com/security ."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-06-29T00:00:00",
"ID": "CVE-2018-10596",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Medtronic 2090 CareLink Programmer",
"version": {
"version_data": [
{
"version_value": "2090 CareLink Programmer, all versions."
}
]
}
}
]
},
"vendor_name": "ICS-CERT"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Medtronic 2090 CareLink Programmer all versions The affected product uses a virtual private network connection to securely download updates. The product does not verify it is still connected to this virtual private network before downloading updates. An attacker with local network access to the programmer could influence these communications."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER RESTRICTION OF COMMUNICATION CHANNEL TO INTENDED ENDPOINTS CWE-923"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-5448",
"datePublished": "2018-05-04T18:00:00.000Z",
"dateReserved": "2018-01-12T00:00:00.000Z",
"dateUpdated": "2025-05-22T17:43:06.800Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-13996 (GCVE-0-2017-13996)
Vulnerability from cvelistv5 – Published: 2017-10-05 21:00 – Updated: 2024-08-05 19:13| URL | Tags |
|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSA-17-257-01 | x_refsource_MISC |
| http://www.securityfocus.com/bid/100847 | vdb-entryx_refsource_BID |
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | LOYTEC LVIS-3ME |
Affected:
LOYTEC LVIS-3ME
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:13:41.505Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-257-01"
},
{
"name": "100847",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100847"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "LOYTEC LVIS-3ME",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "LOYTEC LVIS-3ME"
}
]
}
],
"datePublic": "2017-10-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A Relative Path Traversal issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. The web user interface fails to prevent access to critical files that non administrative users should not have access to, which could allow an attacker to create or modify files or execute arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-06T09:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-257-01"
},
{
"name": "100847",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100847"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2017-13996",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "LOYTEC LVIS-3ME",
"version": {
"version_data": [
{
"version_value": "LOYTEC LVIS-3ME"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Relative Path Traversal issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. The web user interface fails to prevent access to critical files that non administrative users should not have access to, which could allow an attacker to create or modify files or execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-23"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-257-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-257-01"
},
{
"name": "100847",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100847"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2017-13996",
"datePublished": "2017-10-05T21:00:00.000Z",
"dateReserved": "2017-08-30T00:00:00.000Z",
"dateUpdated": "2024-08-05T19:13:41.505Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-9664 (GCVE-0-2017-9664)
Vulnerability from cvelistv5 – Published: 2018-05-24 20:00 – Updated: 2024-09-16 23:51- CWE-23 - Relative path traversal CWE-23
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/100260 | vdb-entryx_refsource_BID |
| https://ics-cert.us-cert.gov/advisories/ICSA-17-222-05 | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| ICS-CERT | ABB SREA-01 and SREA-50 |
Affected:
SREA-01 revisions A, B, C: application versions up to 3.31.5, and SREA-50 revision A: application versions up to 3.32.8.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:18:00.349Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "100260",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100260"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-222-05"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ABB SREA-01 and SREA-50",
"vendor": "ICS-CERT",
"versions": [
{
"status": "affected",
"version": "SREA-01 revisions A, B, C: application versions up to 3.31.5, and SREA-50 revision A: application versions up to 3.32.8."
}
]
}
],
"datePublic": "2018-05-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In ABB SREA-01 revisions A, B, C: application versions up to 3.31.5, and SREA-50 revision A: application versions up to 3.32.8, an attacker may access internal files of ABB SREA-01 and SREA-50 legacy remote monitoring tools without any authorization over the network using a HTTP request which refers to files using ../../ relative paths. Once the internal password file is retrieved, the password hash can be identified using a brute force attack. There is also an exploit allowing running of commands after authorization."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "Relative path traversal CWE-23",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-25T09:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "100260",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100260"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-222-05"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-05-24T00:00:00",
"ID": "CVE-2017-9664",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ABB SREA-01 and SREA-50",
"version": {
"version_data": [
{
"version_value": "SREA-01 revisions A, B, C: application versions up to 3.31.5, and SREA-50 revision A: application versions up to 3.32.8."
}
]
}
}
]
},
"vendor_name": "ICS-CERT"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In ABB SREA-01 revisions A, B, C: application versions up to 3.31.5, and SREA-50 revision A: application versions up to 3.32.8, an attacker may access internal files of ABB SREA-01 and SREA-50 legacy remote monitoring tools without any authorization over the network using a HTTP request which refers to files using ../../ relative paths. Once the internal password file is retrieved, the password hash can be identified using a brute force attack. There is also an exploit allowing running of commands after authorization."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Relative path traversal CWE-23"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "100260",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100260"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-222-05",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-222-05"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2017-9664",
"datePublished": "2018-05-24T20:00:00.000Z",
"dateReserved": "2017-06-14T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:51:37.486Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-0918 (GCVE-0-2017-0918)
Vulnerability from cvelistv5 – Published: 2018-03-21 20:00 – Updated: 2024-08-05 13:25- CWE-23 - Relative Path Traversal (CWE-23)
| URL | Tags |
|---|---|
| https://www.debian.org/security/2018/dsa-4145 | vendor-advisoryx_refsource_DEBIAN |
| https://hackerone.com/reports/301432 | x_refsource_MISC |
| https://about.gitlab.com/2018/01/16/gitlab-10-dot… | x_refsource_CONFIRM |
| Vendor | Product | Version | |
|---|---|---|---|
| GitLab | GitLab Community and Enterprise Editions |
Affected:
8.4.0 - 10.1.5 Fixed in 10.1.6
Affected: 10.2.0 - 10.2.5 Fixed in 10.2.6 Affected: 10.3.0 - 10.3.3 Fixed in 10.3.4 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:25:17.195Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-4145",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4145"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/301432"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GitLab Community and Enterprise Editions",
"vendor": "GitLab",
"versions": [
{
"status": "affected",
"version": "8.4.0 - 10.1.5 Fixed in 10.1.6"
},
{
"status": "affected",
"version": "10.2.0 - 10.2.5 Fixed in 10.2.6"
},
{
"status": "affected",
"version": "10.3.0 - 10.3.3 Fixed in 10.3.4"
}
]
}
],
"datePublic": "2018-01-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Gitlab Community Edition version 10.3 is vulnerable to a path traversal issue in the GitLab CI runner component resulting in remote code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "Relative Path Traversal (CWE-23)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-22T09:57:01.000Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"name": "DSA-4145",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4145"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/301432"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2017-0918",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GitLab Community and Enterprise Editions",
"version": {
"version_data": [
{
"version_value": "8.4.0 - 10.1.5 Fixed in 10.1.6"
},
{
"version_value": "10.2.0 - 10.2.5 Fixed in 10.2.6"
},
{
"version_value": "10.3.0 - 10.3.3 Fixed in 10.3.4"
}
]
}
}
]
},
"vendor_name": "GitLab"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Gitlab Community Edition version 10.3 is vulnerable to a path traversal issue in the GitLab CI runner component resulting in remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Relative Path Traversal (CWE-23)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-4145",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4145"
},
{
"name": "https://hackerone.com/reports/301432",
"refsource": "MISC",
"url": "https://hackerone.com/reports/301432"
},
{
"name": "https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/",
"refsource": "CONFIRM",
"url": "https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2017-0918",
"datePublished": "2018-03-21T20:00:00.000Z",
"dateReserved": "2016-11-30T00:00:00.000Z",
"dateUpdated": "2024-08-05T13:25:17.195Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation MIT-5.1
Strategy: Input Validation
- Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
- When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
- Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
- When validating filenames, use stringent allowlists that limit the character set to be used. If feasible, only allow a single "." character in the filename to avoid weaknesses such as CWE-23, and exclude directory separators such as "/" to avoid CWE-36. Use a list of allowable file extensions, which will help to avoid CWE-434.
- Do not rely exclusively on a filtering mechanism that removes potentially dangerous characters. This is equivalent to a denylist, which may be incomplete (CWE-184). For example, filtering "/" is insufficient protection if the filesystem also supports the use of "\" as a directory separator. Another possible error could occur when the filtering is applied in a way that still produces dangerous data (CWE-182). For example, if "../" sequences are removed from the ".../...//" string in a sequential fashion, two instances of "../" would be removed from the original string, but the remaining characters would still form the "../" string.
Mitigation MIT-20.1
Strategy: Input Validation
- Inputs should be decoded and canonicalized to the application's current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked.
- Use a built-in path canonicalization function (such as realpath() in C) that produces the canonical version of the pathname, which effectively removes ".." sequences and symbolic links (CWE-23, CWE-59). This includes:
- realpath() in C
- getCanonicalPath() in Java
- GetFullPath() in ASP.NET
- realpath() or abs_path() in Perl
- realpath() in PHP
Mitigation MIT-29
Strategy: Firewall
Use an application firewall that can detect attacks against this weakness. It can be beneficial in cases in which the code cannot be fixed (because it is controlled by a third party), as an emergency prevention measure while more comprehensive software assurance measures are applied, or to provide defense in depth [REF-1481].
CAPEC-139: Relative Path Traversal
An attacker exploits a weakness in input validation on the target by supplying a specially constructed path utilizing dot and slash characters for the purpose of obtaining access to arbitrary files or resources. An attacker modifies a known path on the target in order to reach material that is not available through intended channels. These attacks normally involve adding additional path separators (/ or \) and/or dots (.), or encodings thereof, in various combinations in order to reach parent directories or entirely separate trees of the target's directory structure.
CAPEC-76: Manipulating Web Input to File System Calls
An attacker manipulates inputs to the target software which the target software passes to file system calls in the OS. The goal is to gain access to, and perhaps modify, areas of the file system that the target software did not intend to be accessible.