CWE-426
Allowed-with-ReviewUntrusted Search Path
Abstraction: Base · Status: Stable
The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.
892 vulnerabilities reference this CWE, most recent first.
CVE-2023-23920 (GCVE-0-2023-23920)
Vulnerability from cvelistv5 – Published: 2023-02-23 00:00 – Updated: 2025-04-30 05:57| Vendor | Product | Version | |
|---|---|---|---|
| NodeJS | Node |
Affected:
4.0 , < 4.*
(semver)
Affected: 5.0 , < 5.* (semver) Affected: 6.0 , < 6.* (semver) Affected: 7.0 , < 7.* (semver) Affected: 8.0 , < 8.* (semver) Affected: 9.0 , < 9.* (semver) Affected: 10.0 , < 10.* (semver) Affected: 11.0 , < 11.* (semver) Affected: 12.0 , < 12.* (semver) Affected: 13.0 , < 13.* (semver) Affected: 14.0 , < 14.21.3 (semver) Affected: 15.0 , < 15.* (semver) Affected: 16.0 , < 16.19.1 (semver) Affected: 17.0 , < 17.* (semver) Affected: 18.0 , < 18.14.1 (semver) Affected: 19.0 , < 19.6.1 (semver) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:42:27.156Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/"
},
{
"name": "[debian-lts-announce] 20230226 [SECURITY] [DLA 3344-1] nodejs security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00038.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230316-0008/"
},
{
"name": "DSA-5395",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5395"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-23920",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-12T14:22:16.608723Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "CWE-426 Untrusted Search Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-17T18:31:29.432Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Node",
"vendor": "NodeJS",
"versions": [
{
"lessThan": "4.*",
"status": "affected",
"version": "4.0",
"versionType": "semver"
},
{
"lessThan": "5.*",
"status": "affected",
"version": "5.0",
"versionType": "semver"
},
{
"lessThan": "6.*",
"status": "affected",
"version": "6.0",
"versionType": "semver"
},
{
"lessThan": "7.*",
"status": "affected",
"version": "7.0",
"versionType": "semver"
},
{
"lessThan": "8.*",
"status": "affected",
"version": "8.0",
"versionType": "semver"
},
{
"lessThan": "9.*",
"status": "affected",
"version": "9.0",
"versionType": "semver"
},
{
"lessThan": "10.*",
"status": "affected",
"version": "10.0",
"versionType": "semver"
},
{
"lessThan": "11.*",
"status": "affected",
"version": "11.0",
"versionType": "semver"
},
{
"lessThan": "12.*",
"status": "affected",
"version": "12.0",
"versionType": "semver"
},
{
"lessThan": "13.*",
"status": "affected",
"version": "13.0",
"versionType": "semver"
},
{
"lessThan": "14.21.3",
"status": "affected",
"version": "14.0",
"versionType": "semver"
},
{
"lessThan": "15.*",
"status": "affected",
"version": "15.0",
"versionType": "semver"
},
{
"lessThan": "16.19.1",
"status": "affected",
"version": "16.0",
"versionType": "semver"
},
{
"lessThan": "17.*",
"status": "affected",
"version": "17.0",
"versionType": "semver"
},
{
"lessThan": "18.14.1",
"status": "affected",
"version": "18.0",
"versionType": "semver"
},
{
"lessThan": "19.6.1",
"status": "affected",
"version": "19.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An untrusted search path vulnerability exists in Node.js. \u003c19.6.1, \u003c18.14.1, \u003c16.19.1, and \u003c14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "Untrusted Search Path (CWE-426)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-30T05:57:24.758Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/"
},
{
"name": "[debian-lts-announce] 20230226 [SECURITY] [DLA 3344-1] nodejs security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00038.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230316-0008/"
},
{
"name": "DSA-5395",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5395"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2023-23920",
"datePublished": "2023-02-23T00:00:00.000Z",
"dateReserved": "2023-01-19T00:00:00.000Z",
"dateUpdated": "2025-04-30T05:57:24.758Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-23618 (GCVE-0-2023-23618)
Vulnerability from cvelistv5 – Published: 2023-02-14 20:38 – Updated: 2025-03-10 21:11- CWE-426 - Untrusted Search Path
| URL | Tags |
|---|---|
| https://github.com/git-for-windows/git/security/a… | x_refsource_CONFIRM |
| https://github.com/git-for-windows/git/commit/49a… | x_refsource_MISC |
| https://github.com/git-for-windows/git/releases/t… | x_refsource_MISC |
| https://wiki.tcl-lang.org/page/exec | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| git-for-windows | git |
Affected:
< 2.39.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:35:33.594Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/git-for-windows/git/security/advisories/GHSA-wxwv-49qw-35pm",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/git-for-windows/git/security/advisories/GHSA-wxwv-49qw-35pm"
},
{
"name": "https://github.com/git-for-windows/git/commit/49a8ec9dac3cec6602f05fed1b3f80a549c8c05c",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/git-for-windows/git/commit/49a8ec9dac3cec6602f05fed1b3f80a549c8c05c"
},
{
"name": "https://github.com/git-for-windows/git/releases/tag/v2.39.2.windows.1",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/git-for-windows/git/releases/tag/v2.39.2.windows.1"
},
{
"name": "https://wiki.tcl-lang.org/page/exec",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wiki.tcl-lang.org/page/exec"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-23618",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-10T20:57:52.068886Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-10T21:11:24.730Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "git",
"vendor": "git-for-windows",
"versions": [
{
"status": "affected",
"version": "\u003c 2.39.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Git for Windows is the Windows port of the revision control system Git. Prior to Git for Windows version 2.39.2, when `gitk` is run on Windows, it potentially runs executables from the current directory inadvertently, which can be exploited with some social engineering to trick users into running untrusted code. A patch is available in version 2.39.2. As a workaround, avoid using `gitk` (or Git GUI\u0027s \"Visualize History\" functionality) in clones of untrusted repositories.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "CWE-426: Untrusted Search Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-14T20:38:04.921Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/git-for-windows/git/security/advisories/GHSA-wxwv-49qw-35pm",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/git-for-windows/git/security/advisories/GHSA-wxwv-49qw-35pm"
},
{
"name": "https://github.com/git-for-windows/git/commit/49a8ec9dac3cec6602f05fed1b3f80a549c8c05c",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/git-for-windows/git/commit/49a8ec9dac3cec6602f05fed1b3f80a549c8c05c"
},
{
"name": "https://github.com/git-for-windows/git/releases/tag/v2.39.2.windows.1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/git-for-windows/git/releases/tag/v2.39.2.windows.1"
},
{
"name": "https://wiki.tcl-lang.org/page/exec",
"tags": [
"x_refsource_MISC"
],
"url": "https://wiki.tcl-lang.org/page/exec"
}
],
"source": {
"advisory": "GHSA-wxwv-49qw-35pm",
"discovery": "UNKNOWN"
},
"title": "gitk can inadvertently call executables in the worktree"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-23618",
"datePublished": "2023-02-14T20:38:04.921Z",
"dateReserved": "2023-01-16T17:07:46.243Z",
"dateUpdated": "2025-03-10T21:11:24.730Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22743 (GCVE-0-2023-22743)
Vulnerability from cvelistv5 – Published: 2023-02-14 20:39 – Updated: 2025-03-10 21:11- CWE-426 - Untrusted Search Path
| URL | Tags |
|---|---|
| https://github.com/git-for-windows/git/security/a… | x_refsource_CONFIRM |
| https://github.com/git-for-windows/git/security/a… | x_refsource_MISC |
| https://attack.mitre.org/techniques/T1574/002/ | x_refsource_MISC |
| https://github.com/git-for-windows/git/releases/t… | x_refsource_MISC |
| https://learn.microsoft.com/en-us/windows/win32/c… | x_refsource_MISC |
| https://learn.microsoft.com/en-us/windows/win32/s… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| git-for-windows | git |
Affected:
< 2.39.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:20:30.039Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/git-for-windows/git/security/advisories/GHSA-p2x9-prp4-8gvq",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/git-for-windows/git/security/advisories/GHSA-p2x9-prp4-8gvq"
},
{
"name": "https://github.com/git-for-windows/git/security/advisories/GHSA-gf48-x3vr-j5c3",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/git-for-windows/git/security/advisories/GHSA-gf48-x3vr-j5c3"
},
{
"name": "https://attack.mitre.org/techniques/T1574/002/",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://attack.mitre.org/techniques/T1574/002/"
},
{
"name": "https://github.com/git-for-windows/git/releases/tag/v2.39.2.windows.1",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/git-for-windows/git/releases/tag/v2.39.2.windows.1"
},
{
"name": "https://learn.microsoft.com/en-us/windows/win32/controls/cookbook-overview?redirectedfrom=MSDN#using-comctl32dll-version-6-in-an-application-that-uses-only-standard-extensions",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://learn.microsoft.com/en-us/windows/win32/controls/cookbook-overview?redirectedfrom=MSDN#using-comctl32dll-version-6-in-an-application-that-uses-only-standard-extensions"
},
{
"name": "https://learn.microsoft.com/en-us/windows/win32/sbscs/about-side-by-side-assemblies-",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://learn.microsoft.com/en-us/windows/win32/sbscs/about-side-by-side-assemblies-"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22743",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-10T20:57:49.109097Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-10T21:11:18.086Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "git",
"vendor": "git-for-windows",
"versions": [
{
"status": "affected",
"version": "\u003c 2.39.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Git for Windows is the Windows port of the revision control system Git. Prior to Git for Windows version 2.39.2, by carefully crafting DLL and putting into a subdirectory of a specific name living next to the Git for Windows installer, Windows can be tricked into side-loading said DLL. This potentially allows users with local write access to place malicious payloads in a location where automated upgrades might run the Git for Windows installer with elevation. Version 2.39.2 contains a patch for this issue. Some workarounds are available. Never leave untrusted files in the Downloads folder or its sub-folders before executing the Git for Windows installer, or move the installer into a different directory before executing it."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "CWE-426: Untrusted Search Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-14T20:39:30.094Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/git-for-windows/git/security/advisories/GHSA-p2x9-prp4-8gvq",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/git-for-windows/git/security/advisories/GHSA-p2x9-prp4-8gvq"
},
{
"name": "https://github.com/git-for-windows/git/security/advisories/GHSA-gf48-x3vr-j5c3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/git-for-windows/git/security/advisories/GHSA-gf48-x3vr-j5c3"
},
{
"name": "https://attack.mitre.org/techniques/T1574/002/",
"tags": [
"x_refsource_MISC"
],
"url": "https://attack.mitre.org/techniques/T1574/002/"
},
{
"name": "https://github.com/git-for-windows/git/releases/tag/v2.39.2.windows.1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/git-for-windows/git/releases/tag/v2.39.2.windows.1"
},
{
"name": "https://learn.microsoft.com/en-us/windows/win32/controls/cookbook-overview?redirectedfrom=MSDN#using-comctl32dll-version-6-in-an-application-that-uses-only-standard-extensions",
"tags": [
"x_refsource_MISC"
],
"url": "https://learn.microsoft.com/en-us/windows/win32/controls/cookbook-overview?redirectedfrom=MSDN#using-comctl32dll-version-6-in-an-application-that-uses-only-standard-extensions"
},
{
"name": "https://learn.microsoft.com/en-us/windows/win32/sbscs/about-side-by-side-assemblies-",
"tags": [
"x_refsource_MISC"
],
"url": "https://learn.microsoft.com/en-us/windows/win32/sbscs/about-side-by-side-assemblies-"
}
],
"source": {
"advisory": "GHSA-p2x9-prp4-8gvq",
"discovery": "UNKNOWN"
},
"title": "Git for Windows\u0027 installer is susceptible to DLL side loading attacks"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-22743",
"datePublished": "2023-02-14T20:39:30.094Z",
"dateReserved": "2023-01-06T14:21:05.892Z",
"dateUpdated": "2025-03-10T21:11:18.086Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21764 (GCVE-0-2023-21764)
Vulnerability from cvelistv5 – Published: 2023-01-10 00:00 – Updated: 2025-01-01 00:36- CWE-426 - Untrusted Search Path
| URL | Tags |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | vendor-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Microsoft Exchange Server 2019 Cumulative Update 11 |
Affected:
15.02.0 , < 15.02.0986.037
(custom)
|
|
| Microsoft | Microsoft Exchange Server 2019 Cumulative Update 12 |
Affected:
15.02.0 , < 15.02.1118.021
(custom)
|
|
| Microsoft | Microsoft Exchange Server 2016 Cumulative Update 23 |
Affected:
15.01.0 , < 15.01.2507.017
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:51:50.927Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Microsoft Exchange Server Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21764"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 11",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.0986.037",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 12",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.1118.021",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 23",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2507.017",
"status": "affected",
"version": "15.01.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_11:*:*:*:*:*:*",
"versionEndExcluding": "15.02.0986.037",
"versionStartIncluding": "15.02.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_12:*:*:*:*:*:*",
"versionEndExcluding": "15.02.1118.021",
"versionStartIncluding": "15.02.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*",
"versionEndExcluding": "15.01.2507.017",
"versionStartIncluding": "15.01.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2023-01-10T08:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Exchange Server Elevation of Privilege Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "CWE-426: Untrusted Search Path",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-01T00:36:07.163Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Exchange Server Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21764"
}
],
"title": "Microsoft Exchange Server Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2023-21764",
"datePublished": "2023-01-10T00:00:00.000Z",
"dateReserved": "2022-12-13T00:00:00.000Z",
"dateUpdated": "2025-01-01T00:36:07.163Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21763 (GCVE-0-2023-21763)
Vulnerability from cvelistv5 – Published: 2023-01-10 00:00 – Updated: 2025-01-01 00:36- CWE-426 - Untrusted Search Path
| URL | Tags |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | vendor-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Microsoft Exchange Server 2019 Cumulative Update 11 |
Affected:
15.02.0 , < 15.02.0986.037
(custom)
|
|
| Microsoft | Microsoft Exchange Server 2019 Cumulative Update 12 |
Affected:
15.02.0 , < 15.02.1118.021
(custom)
|
|
| Microsoft | Microsoft Exchange Server 2016 Cumulative Update 23 |
Affected:
15.01.0 , < 15.01.2507.017
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:51:50.908Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Microsoft Exchange Server Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21763"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 11",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.0986.037",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 12",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.1118.021",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 23",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2507.017",
"status": "affected",
"version": "15.01.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_11:*:*:*:*:*:*",
"versionEndExcluding": "15.02.0986.037",
"versionStartIncluding": "15.02.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_12:*:*:*:*:*:*",
"versionEndExcluding": "15.02.1118.021",
"versionStartIncluding": "15.02.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*",
"versionEndExcluding": "15.01.2507.017",
"versionStartIncluding": "15.01.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2023-01-10T08:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Exchange Server Elevation of Privilege Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "CWE-426: Untrusted Search Path",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-01T00:36:06.648Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Exchange Server Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21763"
}
],
"title": "Microsoft Exchange Server Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2023-21763",
"datePublished": "2023-01-10T00:00:00.000Z",
"dateReserved": "2022-12-13T00:00:00.000Z",
"dateUpdated": "2025-01-01T00:36:06.648Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4736 (GCVE-0-2023-4736)
Vulnerability from cvelistv5 – Published: 2023-09-02 18:02 – Updated: 2026-06-23 17:19- CWE-426 - Untrusted Search Path
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:37:59.663Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/e1ce0995-4df4-4dec-9cd7-3136ac3e8e71"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vim/vim/commit/816fbcc262687b81fc46f82f7bbeb1453addfe0c"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213984"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Oct/24"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4736",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-03T16:08:08.279285Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-23T17:19:10.232Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "vim/vim",
"vendor": "vim",
"versions": [
{
"lessThan": "9.0.1833",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Untrusted Search Path in GitHub repository vim/vim prior to 9.0.1833."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "CWE-426 Untrusted Search Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-25T19:07:19.840Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/e1ce0995-4df4-4dec-9cd7-3136ac3e8e71"
},
{
"url": "https://github.com/vim/vim/commit/816fbcc262687b81fc46f82f7bbeb1453addfe0c"
},
{
"url": "https://support.apple.com/kb/HT213984"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Oct/24"
}
],
"source": {
"advisory": "e1ce0995-4df4-4dec-9cd7-3136ac3e8e71",
"discovery": "EXTERNAL"
},
"title": "Untrusted Search Path in vim/vim"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-4736",
"datePublished": "2023-09-02T18:02:05.557Z",
"dateReserved": "2023-09-02T18:01:52.802Z",
"dateUpdated": "2026-06-23T17:19:10.232Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-1521 (GCVE-0-2023-1521)
Vulnerability from cvelistv5 – Published: 2024-11-26 11:15 – Updated: 2024-11-26 20:45- CWE-426 - Untrusted Search Path
| URL | Tags |
|---|---|
| https://securitylab.github.com/advisories/GHSL-20… | third-party-advisory |
| https://github.com/advisories/GHSA-x7fr-pg8f-93f5 | vendor-advisory |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:mozilla:sccache:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sccache",
"vendor": "mozilla",
"versions": [
{
"lessThan": "0.4.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-1521",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-26T20:35:46.133326Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T20:45:48.176Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "sccache",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "0.4.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Paolo Tranquilli (@redsun82)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eOn Linux the \u003ccode\u003esccache\u003c/code\u003e client can execute arbitrary code with the privileges of a local \u003ccode\u003esccache\u003c/code\u003e server, by preloading the code in a shared library passed to \u003ccode\u003eLD_PRELOAD\u003c/code\u003e.\u003c/p\u003e\n\u003cp\u003eIf the server is run as root (which is the default when installing the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://snapcraft.io/sccache\"\u003esnap package\u003c/a\u003e), this means a user running the \u003ccode\u003esccache\u003c/code\u003e client can get root privileges.\u003c/p\u003e"
}
],
"value": "On Linux the sccache client can execute arbitrary code with the privileges of a local sccache server, by preloading the code in a shared library passed to LD_PRELOAD.\n\n\nIf the server is run as root (which is the default when installing the snap package https://snapcraft.io/sccache ), this means a user running the sccache client can get root privileges."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "CWE-426 Untrusted Search Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T11:15:59.434Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://securitylab.github.com/advisories/GHSL-2023-046_ScCache"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://github.com/advisories/GHSA-x7fr-pg8f-93f5"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Local Privilege Escalation in sccache",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2023-1521",
"datePublished": "2024-11-26T11:15:59.434Z",
"dateReserved": "2023-03-20T15:56:33.714Z",
"dateUpdated": "2024-11-26T20:45:48.176Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-41953 (GCVE-0-2022-41953)
Vulnerability from cvelistv5 – Published: 2023-01-17 21:03 – Updated: 2025-03-10 21:22- CWE-426 - Untrusted Search Path
| URL | Tags |
|---|---|
| https://github.com/git-for-windows/git/security/a… | x_refsource_CONFIRM |
| https://github.com/git-for-windows/git/pull/4219 | x_refsource_MISC |
| https://github.com/git-for-windows/git/commit/736… | x_refsource_MISC |
| https://www.tcl.tk/man/tcl8.6/TclCmd/exec.html#M23 | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| git-for-windows | git |
Affected:
< 2.39.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:56:38.563Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/git-for-windows/git/security/advisories/GHSA-v4px-mx59-w99c",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/git-for-windows/git/security/advisories/GHSA-v4px-mx59-w99c"
},
{
"name": "https://github.com/git-for-windows/git/pull/4219",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/git-for-windows/git/pull/4219"
},
{
"name": "https://github.com/git-for-windows/git/commit/7360767e8dfc1895a932324079f7d45d7791d39f",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/git-for-windows/git/commit/7360767e8dfc1895a932324079f7d45d7791d39f"
},
{
"name": "https://www.tcl.tk/man/tcl8.6/TclCmd/exec.html#M23",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tcl.tk/man/tcl8.6/TclCmd/exec.html#M23"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-41953",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-10T20:58:35.869270Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-10T21:22:28.600Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "git",
"vendor": "git-for-windows",
"versions": [
{
"status": "affected",
"version": "\u003c 2.39.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Git GUI is a convenient graphical tool that comes with Git for Windows. Its target audience is users who are uncomfortable with using Git on the command-line. Git GUI has a function to clone repositories. Immediately after the local clone is available, Git GUI will automatically post-process it, among other things running a spell checker called `aspell.exe` if it was found. Git GUI is implemented as a Tcl/Tk script. Due to the unfortunate design of Tcl on Windows, the search path when looking for an executable _always includes the current directory_. Therefore, malicious repositories can ship with an `aspell.exe` in their top-level directory which is executed by Git GUI without giving the user a chance to inspect it first, i.e. running untrusted code. This issue has been addressed in version 2.39.1. Users are advised to upgrade. Users unable to upgrade should avoid using Git GUI for cloning. If that is not a viable option, at least avoid cloning from untrusted sources."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "CWE-426: Untrusted Search Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-17T21:03:14.721Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/git-for-windows/git/security/advisories/GHSA-v4px-mx59-w99c",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/git-for-windows/git/security/advisories/GHSA-v4px-mx59-w99c"
},
{
"name": "https://github.com/git-for-windows/git/pull/4219",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/git-for-windows/git/pull/4219"
},
{
"name": "https://github.com/git-for-windows/git/commit/7360767e8dfc1895a932324079f7d45d7791d39f",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/git-for-windows/git/commit/7360767e8dfc1895a932324079f7d45d7791d39f"
},
{
"name": "https://www.tcl.tk/man/tcl8.6/TclCmd/exec.html#M23",
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tcl.tk/man/tcl8.6/TclCmd/exec.html#M23"
}
],
"source": {
"advisory": "GHSA-v4px-mx59-w99c",
"discovery": "UNKNOWN"
},
"title": "Git clone remote code execution vulnerability in git-for-windows"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-41953",
"datePublished": "2023-01-17T21:03:14.721Z",
"dateReserved": "2022-09-30T16:38:28.945Z",
"dateUpdated": "2025-03-10T21:22:28.600Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-36070 (GCVE-0-2022-36070)
Vulnerability from cvelistv5 – Published: 2022-09-07 18:30 – Updated: 2025-04-23 17:14- CWE-426 - Untrusted Search Path
| URL | Tags |
|---|---|
| https://github.com/python-poetry/poetry/releases/… | x_refsource_MISC |
| https://github.com/python-poetry/poetry/security/… | x_refsource_CONFIRM |
| https://github.com/python-poetry/poetry/releases/… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| python-poetry | poetry |
Affected:
< 1.1.9
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:52:00.559Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/python-poetry/poetry/releases/tag/1.1.9"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/python-poetry/poetry/security/advisories/GHSA-j4j9-7hg9-97g6"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/python-poetry/poetry/releases/tag/1.2.0b1"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-36070",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T15:49:43.880501Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T17:14:12.700Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "poetry",
"vendor": "python-poetry",
"versions": [
{
"status": "affected",
"version": "\u003c 1.1.9"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Poetry is a dependency manager for Python. To handle dependencies that come from a Git repository, Poetry executes various commands, e.g. `git config`. These commands are being executed using the executable\u2019s name and not its absolute path. This can lead to the execution of untrusted code due to the way Windows resolves executable names to paths. Unlike Linux-based operating systems, Windows searches for the executable in the current directory first and looks in the paths that are defined in the `PATH` environment variable afterward. This vulnerability can lead to Arbitrary Code Execution, which would lead to the takeover of the system. If a developer is exploited, the attacker could steal credentials or persist their access. If the exploit happens on a server, the attackers could use their access to attack other internal systems. Since this vulnerability requires a fair amount of user interaction, it is not as dangerous as a remotely exploitable one. However, it still puts developers at risk when dealing with untrusted files in a way they think is safe. The victim could also not protect themself by vetting any Git or Poetry config files that might be present in the directory, because the behavior is undocumented. Versions 1.1.9 and 1.2.0b1 contain patches for this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "CWE-426: Untrusted Search Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-07T18:30:13.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/python-poetry/poetry/releases/tag/1.1.9"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/python-poetry/poetry/security/advisories/GHSA-j4j9-7hg9-97g6"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/python-poetry/poetry/releases/tag/1.2.0b1"
}
],
"source": {
"advisory": "GHSA-j4j9-7hg9-97g6",
"discovery": "UNKNOWN"
},
"title": "Poetry\u0027s Untrusted Search Path can lead to Local Code Execution on Windows",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-36070",
"STATE": "PUBLIC",
"TITLE": "Poetry\u0027s Untrusted Search Path can lead to Local Code Execution on Windows"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "poetry",
"version": {
"version_data": [
{
"version_value": "\u003c 1.1.9"
}
]
}
}
]
},
"vendor_name": "python-poetry"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Poetry is a dependency manager for Python. To handle dependencies that come from a Git repository, Poetry executes various commands, e.g. `git config`. These commands are being executed using the executable\u2019s name and not its absolute path. This can lead to the execution of untrusted code due to the way Windows resolves executable names to paths. Unlike Linux-based operating systems, Windows searches for the executable in the current directory first and looks in the paths that are defined in the `PATH` environment variable afterward. This vulnerability can lead to Arbitrary Code Execution, which would lead to the takeover of the system. If a developer is exploited, the attacker could steal credentials or persist their access. If the exploit happens on a server, the attackers could use their access to attack other internal systems. Since this vulnerability requires a fair amount of user interaction, it is not as dangerous as a remotely exploitable one. However, it still puts developers at risk when dealing with untrusted files in a way they think is safe. The victim could also not protect themself by vetting any Git or Poetry config files that might be present in the directory, because the behavior is undocumented. Versions 1.1.9 and 1.2.0b1 contain patches for this issue."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-426: Untrusted Search Path"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/python-poetry/poetry/releases/tag/1.1.9",
"refsource": "MISC",
"url": "https://github.com/python-poetry/poetry/releases/tag/1.1.9"
},
{
"name": "https://github.com/python-poetry/poetry/security/advisories/GHSA-j4j9-7hg9-97g6",
"refsource": "CONFIRM",
"url": "https://github.com/python-poetry/poetry/security/advisories/GHSA-j4j9-7hg9-97g6"
},
{
"name": "https://github.com/python-poetry/poetry/releases/tag/1.2.0b1",
"refsource": "MISC",
"url": "https://github.com/python-poetry/poetry/releases/tag/1.2.0b1"
}
]
},
"source": {
"advisory": "GHSA-j4j9-7hg9-97g6",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-36070",
"datePublished": "2022-09-07T18:30:14.000Z",
"dateReserved": "2022-07-15T00:00:00.000Z",
"dateUpdated": "2025-04-23T17:14:12.700Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-35868 (GCVE-0-2022-35868)
Vulnerability from cvelistv5 – Published: 2023-02-14 10:36 – Updated: 2024-08-13 07:50- CWE-426 - Untrusted Search Path
| Vendor | Product | Version | |
|---|---|---|---|
| Siemens | TIA Multiuser Server V14 |
Affected:
0 , < *
(custom)
|
|
| Siemens | TIA Multiuser Server V15 |
Affected:
All versions < V15.1 Update 8
|
|
| Siemens | TIA Project-Server |
Affected:
All versions < V1.1
|
|
| Siemens | TIA Project-Server V16 |
Affected:
0 , < *
(custom)
|
|
| Siemens | TIA Project-Server V17 |
Affected:
All versions < V17 Update 6
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:44:22.098Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-640968.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "TIA Multiuser Server V14",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "TIA Multiuser Server V15",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V15.1 Update 8"
}
]
},
{
"defaultStatus": "unknown",
"product": "TIA Project-Server",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V1.1"
}
]
},
{
"defaultStatus": "unknown",
"product": "TIA Project-Server V16",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "TIA Project-Server V17",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V17 Update 6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in TIA Multiuser Server V14 (All versions), TIA Multiuser Server V15 (All versions \u003c V15.1 Update 8), TIA Project-Server (All versions \u003c V1.1), TIA Project-Server V16 (All versions), TIA Project-Server V17 (All versions \u003c V17 Update 6). Affected applications contain an untrusted search path vulnerability that could allow an attacker to escalate privileges, when tricking a legitimate user to start the service from an attacker controlled path."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "CWE-426: Untrusted Search Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-13T07:50:22.699Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-640968.pdf"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-640968.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2022-35868",
"datePublished": "2023-02-14T10:36:08.964Z",
"dateReserved": "2022-07-14T16:20:28.861Z",
"dateUpdated": "2024-08-13T07:50:22.699Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
Strategy: Attack Surface Reduction
Hard-code the search path to a set of known-safe values (such as system directories), or only allow them to be specified by the administrator in a configuration file. Do not allow these settings to be modified by an external party. Be careful to avoid related weaknesses such as CWE-426 and CWE-428.
Mitigation
When invoking other programs, specify those programs using fully-qualified pathnames. While this is an effective approach, code that uses fully-qualified pathnames might not be portable to other systems that do not use the same pathnames. The portability can be improved by locating the full-qualified paths in a centralized, easily-modifiable location within the source code, and having the code refer to these paths.
Mitigation
Remove or restrict all environment settings before invoking other programs. This includes the PATH environment variable, LD_LIBRARY_PATH, and other settings that identify the location of code libraries, and any application-specific search paths.
Mitigation
Check your search path before use and remove any elements that are likely to be unsafe, such as the current working directory or a temporary files directory.
Mitigation
Use other functions that require explicit paths. Making use of any of the other readily available functions that require explicit paths is a safe way to avoid this problem. For example, system() in C does not require a full path since the shell can take care of it, while execl() and execv() require a full path.
CAPEC-38: Leveraging/Manipulating Configuration File Search Paths
This pattern of attack sees an adversary load a malicious resource into a program's standard path so that when a known command is executed then the system instead executes the malicious component. The adversary can either modify the search path a program uses, like a PATH variable or classpath, or they can manipulate resources on the path to point to their malicious components. J2EE applications and other component based applications that are built from multiple binaries can have very long list of dependencies to execute. If one of these libraries and/or references is controllable by the attacker then application controls can be circumvented by the attacker.