CWE-23
Relative Path Traversal
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory.
CVE-2020-5410 (GCVE-0-2020-5410)
Vulnerability from cvelistv5 – Published: 2020-06-02 16:50 – Updated: 2025-10-21 23:35
VLAI
Title
Directory Traversal with spring-cloud-config-server
Summary
Spring Cloud Config, versions 2.2.x prior to 2.2.3, versions 2.1.x prior to 2.1.9, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead to a directory traversal attack.
Severity
7.5 (High)
CWE
- CWE-23 - Relative Path Traversal
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://tanzu.vmware.com/security/cve-2020-5410 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Spring by VMware | Spring Cloud Config |
Affected:
2.1 , < 2.1.9
(custom)
Affected: 2.2 , < 2.2.3 (custom) |
Date Public
2020-06-01 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:30:24.192Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://tanzu.vmware.com/security/cve-2020-5410"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2020-5410",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-07T12:43:59.584737Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2022-03-25",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-5410"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:35:43.023Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-5410"
}
],
"timeline": [
{
"lang": "en",
"time": "2022-03-25T00:00:00.000Z",
"value": "CVE-2020-5410 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Spring Cloud Config",
"vendor": "Spring by VMware",
"versions": [
{
"lessThan": "2.1.9",
"status": "affected",
"version": "2.1",
"versionType": "custom"
},
{
"lessThan": "2.2.3",
"status": "affected",
"version": "2.2",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-06-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Spring Cloud Config, versions 2.2.x prior to 2.2.3, versions 2.1.x prior to 2.1.9, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead to a directory traversal attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23: Relative Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-02T16:50:11.000Z",
"orgId": "862b2186-222f-48b9-af87-f1fb7bb26d03",
"shortName": "pivotal"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://tanzu.vmware.com/security/cve-2020-5410"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Directory Traversal with spring-cloud-config-server",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@pivotal.io",
"DATE_PUBLIC": "2020-06-01T00:00:00.000Z",
"ID": "CVE-2020-5410",
"STATE": "PUBLIC",
"TITLE": "Directory Traversal with spring-cloud-config-server"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Spring Cloud Config",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2.1",
"version_value": "2.1.9"
},
{
"version_affected": "\u003c",
"version_name": "2.2",
"version_value": "2.2.3"
}
]
}
}
]
},
"vendor_name": "Spring by VMware"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Spring Cloud Config, versions 2.2.x prior to 2.2.3, versions 2.1.x prior to 2.1.9, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead to a directory traversal attack."
}
]
},
"impact": null,
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-23: Relative Path Traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://tanzu.vmware.com/security/cve-2020-5410",
"refsource": "CONFIRM",
"url": "https://tanzu.vmware.com/security/cve-2020-5410"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "862b2186-222f-48b9-af87-f1fb7bb26d03",
"assignerShortName": "pivotal",
"cveId": "CVE-2020-5410",
"datePublished": "2020-06-02T16:50:12.055Z",
"dateReserved": "2020-01-03T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:35:43.023Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7008 (GCVE-0-2020-7008)
Vulnerability from cvelistv5 – Published: 2020-04-03 17:44 – Updated: 2024-08-04 09:18
VLAI
Summary
VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may allow input passed in the URL that is not properly verified before use, which may allow an attacker to read arbitrary files from local resources.
Severity
No CVSS data available.
CWE
- CWE-23 - RELATIVE PATH TRAVERSAL CWE-23
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.us-cert.gov/ics/advisories/icsa-20-084-01 | x_refsource_MISC |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| VISAM | VBASE Editor |
Affected:
11.5.0.2
|
|
| VISAM | VBASE Web-Remote Module |
Affected:
all
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:18:03.036Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-084-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VBASE Editor",
"vendor": "VISAM",
"versions": [
{
"status": "affected",
"version": "11.5.0.2"
}
]
},
{
"product": "VBASE Web-Remote Module",
"vendor": "VISAM",
"versions": [
{
"status": "affected",
"version": "all"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may allow input passed in the URL that is not properly verified before use, which may allow an attacker to read arbitrary files from local resources."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "RELATIVE PATH TRAVERSAL CWE-23",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-03T17:44:19.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-084-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2020-7008",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VBASE Editor",
"version": {
"version_data": [
{
"version_value": "11.5.0.2"
}
]
}
},
{
"product_name": "VBASE Web-Remote Module",
"version": {
"version_data": [
{
"version_value": "all"
}
]
}
}
]
},
"vendor_name": "VISAM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may allow input passed in the URL that is not properly verified before use, which may allow an attacker to read arbitrary files from local resources."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "RELATIVE PATH TRAVERSAL CWE-23"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.us-cert.gov/ics/advisories/icsa-20-084-01",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-084-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-7008",
"datePublished": "2020-04-03T17:44:19.000Z",
"dateReserved": "2020-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-04T09:18:03.036Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7376 (GCVE-0-2020-7376)
Vulnerability from cvelistv5 – Published: 2020-08-24 19:10 – Updated: 2024-09-16 23:35
VLAI
Title
Rapid7 Metasploit Framework Relative Path Traversal in enum_osx module
Summary
The Metasploit Framework module "post/osx/gather/enum_osx module" is affected by a relative path traversal vulnerability in the get_keychains method which can be exploited to write arbitrary files to arbitrary locations on the host filesystem when the module is run on a malicious host.
Severity
7.1 (High)
CWE
- CWE-23 - Relative Path Traversal
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/rapid7/metasploit-framework/is… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Rapid7 | Metasploit Framework |
Affected:
4.11.7 , < 4.11.7*
(custom)
Affected: 6.0.3 , < 6.0.3 (custom) |
Date Public
2020-08-17 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:25:49.061Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/rapid7/metasploit-framework/issues/14008"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Metasploit Framework",
"vendor": "Rapid7",
"versions": [
{
"lessThan": "4.11.7*",
"status": "affected",
"version": "4.11.7",
"versionType": "custom"
},
{
"lessThan": "6.0.3",
"status": "affected",
"version": "6.0.3",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "This issue was reported, and fixed, by bcoles."
}
],
"datePublic": "2020-08-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Metasploit Framework module \"post/osx/gather/enum_osx module\" is affected by a relative path traversal vulnerability in the get_keychains method which can be exploited to write arbitrary files to arbitrary locations on the host filesystem when the module is run on a malicious host."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23 Relative Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-24T19:10:17.000Z",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/rapid7/metasploit-framework/issues/14008"
}
],
"solutions": [
{
"lang": "en",
"value": "Users should update to version 6.0.3 or later of the Metasploit Framework."
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Rapid7 Metasploit Framework Relative Path Traversal in enum_osx module",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@rapid7.com",
"DATE_PUBLIC": "2020-08-17T10:00:00.000Z",
"ID": "CVE-2020-7376",
"STATE": "PUBLIC",
"TITLE": "Rapid7 Metasploit Framework Relative Path Traversal in enum_osx module"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Metasploit Framework",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_name": "4.11.7",
"version_value": "4.11.7"
},
{
"version_affected": "\u003c",
"version_name": "6.0.3",
"version_value": "6.0.3"
}
]
}
}
]
},
"vendor_name": "Rapid7"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This issue was reported, and fixed, by bcoles."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Metasploit Framework module \"post/osx/gather/enum_osx module\" is affected by a relative path traversal vulnerability in the get_keychains method which can be exploited to write arbitrary files to arbitrary locations on the host filesystem when the module is run on a malicious host."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-23 Relative Path Traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/rapid7/metasploit-framework/issues/14008",
"refsource": "CONFIRM",
"url": "https://github.com/rapid7/metasploit-framework/issues/14008"
}
]
},
"solution": [
{
"lang": "en",
"value": "Users should update to version 6.0.3 or later of the Metasploit Framework."
}
],
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2020-7376",
"datePublished": "2020-08-24T19:10:17.594Z",
"dateReserved": "2020-01-21T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:35:28.125Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7377 (GCVE-0-2020-7377)
Vulnerability from cvelistv5 – Published: 2020-08-24 19:10 – Updated: 2024-09-17 03:43
VLAI
Title
Rapid7 Metasploit Framework Relative Path Traversal in telpho10_credential_dump module
Summary
The Metasploit Framework module "auxiliary/admin/http/telpho10_credential_dump" module is affected by a relative path traversal vulnerability in the untar method which can be exploited to write arbitrary files to arbitrary locations on the host file system when the module is run on a malicious HTTP server.
Severity
8.1 (High)
CWE
- CWE-23 - Relative Path Traversal
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/rapid7/metasploit-framework/is… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Rapid7 | Metasploit Framework |
Affected:
4.12.40 , < 4.12.40*
(custom)
Affected: 6.0.3 , < 6.0.3 (custom) |
Date Public
2020-08-18 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:25:49.148Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/rapid7/metasploit-framework/issues/14015"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Metasploit Framework",
"vendor": "Rapid7",
"versions": [
{
"lessThan": "4.12.40*",
"status": "affected",
"version": "4.12.40",
"versionType": "custom"
},
{
"lessThan": "6.0.3",
"status": "affected",
"version": "6.0.3",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "This issue was reported, and fixed, by bcoles."
}
],
"datePublic": "2020-08-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Metasploit Framework module \"auxiliary/admin/http/telpho10_credential_dump\" module is affected by a relative path traversal vulnerability in the untar method which can be exploited to write arbitrary files to arbitrary locations on the host file system when the module is run on a malicious HTTP server."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23 Relative Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-24T19:10:17.000Z",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/rapid7/metasploit-framework/issues/14015"
}
],
"solutions": [
{
"lang": "en",
"value": "Users should update to version 6.0.3 or later of the Metasploit Framework."
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Rapid7 Metasploit Framework Relative Path Traversal in telpho10_credential_dump module",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@rapid7.com",
"DATE_PUBLIC": "2020-08-18T08:48:00.000Z",
"ID": "CVE-2020-7377",
"STATE": "PUBLIC",
"TITLE": "Rapid7 Metasploit Framework Relative Path Traversal in telpho10_credential_dump module"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Metasploit Framework",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_name": "4.12.40",
"version_value": "4.12.40"
},
{
"version_affected": "\u003c",
"version_name": "6.0.3",
"version_value": "6.0.3"
}
]
}
}
]
},
"vendor_name": "Rapid7"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This issue was reported, and fixed, by bcoles."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Metasploit Framework module \"auxiliary/admin/http/telpho10_credential_dump\" module is affected by a relative path traversal vulnerability in the untar method which can be exploited to write arbitrary files to arbitrary locations on the host file system when the module is run on a malicious HTTP server."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-23 Relative Path Traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/rapid7/metasploit-framework/issues/14015",
"refsource": "CONFIRM",
"url": "https://github.com/rapid7/metasploit-framework/issues/14015"
}
]
},
"solution": [
{
"lang": "en",
"value": "Users should update to version 6.0.3 or later of the Metasploit Framework."
}
],
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2020-7377",
"datePublished": "2020-08-24T19:10:18.025Z",
"dateReserved": "2020-01-21T00:00:00.000Z",
"dateUpdated": "2024-09-17T03:43:45.123Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7861 (GCVE-0-2020-7861)
Vulnerability from cvelistv5 – Published: 2021-04-22 17:33 – Updated: 2024-08-04 09:41
VLAI
Title
AnySupport directory traversing vulnerability
Summary
AnySupport (Remote support solution) before 2019.3.21.0 allows directory traversing because of swprintf function to copy file from a management PC to a client PC. This can be lead to arbitrary file execution.
Severity
8.4 (High)
CWE
- CWE-23 - Relative Path Traversal
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.boho.or.kr/krcert/secNoticeView.do?bu… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Koino | AquaNPlayer |
Affected:
2019.3.21.0 , ≤ 2019.3.21.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:41:01.876Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36016"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Windows"
],
"product": "AquaNPlayer",
"vendor": "Koino",
"versions": [
{
"lessThanOrEqual": "2019.3.21.0",
"status": "affected",
"version": "2019.3.21.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "AnySupport (Remote support solution) before 2019.3.21.0 allows directory traversing because of swprintf function to copy file from a management PC to a client PC. This can be lead to arbitrary file execution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23 Relative Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-22T17:33:16.000Z",
"orgId": "cdd7a122-0fae-4202-8d86-14efbacc2863",
"shortName": "krcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36016"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "AnySupport directory traversing vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vuln@krcert.or.kr",
"ID": "CVE-2020-7861",
"STATE": "PUBLIC",
"TITLE": "AnySupport directory traversing vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "AquaNPlayer",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "\u003c=",
"version_name": "2019.3.21.0",
"version_value": "2019.3.21.0"
}
]
}
}
]
},
"vendor_name": "Koino"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "AnySupport (Remote support solution) before 2019.3.21.0 allows directory traversing because of swprintf function to copy file from a management PC to a client PC. This can be lead to arbitrary file execution."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-23 Relative Path Traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36016",
"refsource": "CONFIRM",
"url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36016"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cdd7a122-0fae-4202-8d86-14efbacc2863",
"assignerShortName": "krcert",
"cveId": "CVE-2020-7861",
"datePublished": "2021-04-22T17:33:16.000Z",
"dateReserved": "2020-01-22T00:00:00.000Z",
"dateUpdated": "2024-08-04T09:41:01.876Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8254 (GCVE-0-2020-8254)
Vulnerability from cvelistv5 – Published: 2020-10-28 12:46 – Updated: 2024-08-04 09:56
VLAI
Summary
A vulnerability in the Pulse Secure Desktop Client < 9.1R9 has Remote Code Execution (RCE) if users can be convinced to connect to a malicious server. This vulnerability only affects Windows PDC.To improve the security of connections between Pulse clients and Pulse Connect Secure, see below recommendation(s):Disable Dynamic certificate trust for PDC.
Severity
No CVSS data available.
CWE
- CWE-23 - Relative Path Traversal (CWE-23)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://kb.pulsesecure.net/articles/Pulse_Securit… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Pulse Secure Desktop Client |
Affected:
9.1R9
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:56:27.963Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Pulse Secure Desktop Client",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "9.1R9"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Pulse Secure Desktop Client \u003c 9.1R9 has Remote Code Execution (RCE) if users can be convinced to connect to a malicious server. This vulnerability only affects Windows PDC.To improve the security of connections between Pulse clients and Pulse Connect Secure, see below recommendation(s):Disable Dynamic certificate trust for PDC."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "Relative Path Traversal (CWE-23)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-28T12:46:28.000Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2020-8254",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Pulse Secure Desktop Client",
"version": {
"version_data": [
{
"version_value": "9.1R9"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the Pulse Secure Desktop Client \u003c 9.1R9 has Remote Code Execution (RCE) if users can be convinced to connect to a malicious server. This vulnerability only affects Windows PDC.To improve the security of connections between Pulse clients and Pulse Connect Secure, see below recommendation(s):Disable Dynamic certificate trust for PDC."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Relative Path Traversal (CWE-23)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601",
"refsource": "MISC",
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2020-8254",
"datePublished": "2020-10-28T12:46:28.000Z",
"dateReserved": "2020-01-28T00:00:00.000Z",
"dateUpdated": "2024-08-04T09:56:27.963Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8271 (GCVE-0-2020-8271)
Vulnerability from cvelistv5 – Published: 2020-11-16 00:32 – Updated: 2024-08-04 09:56
VLAI
Summary
Unauthenticated remote code execution with root privileges in Citrix SD-WAN Center versions before 11.2.2, 11.1.2b and 10.2.8
Severity
No CVSS data available.
CWE
- CWE-23 - Relative Path Traversal (CWE-23)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://support.citrix.com/article/CTX285061 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Citrix SD-WAN Center |
Affected:
Fixed in 11.2.2, 11.1.2b and 10.2.8
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:56:28.218Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.citrix.com/article/CTX285061"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Citrix SD-WAN Center",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Fixed in 11.2.2, 11.1.2b and 10.2.8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unauthenticated remote code execution with root privileges in Citrix SD-WAN Center versions before 11.2.2, 11.1.2b and 10.2.8"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "Relative Path Traversal (CWE-23)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-16T00:32:58.000Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.citrix.com/article/CTX285061"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2020-8271",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Citrix SD-WAN Center",
"version": {
"version_data": [
{
"version_value": "Fixed in 11.2.2, 11.1.2b and 10.2.8"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unauthenticated remote code execution with root privileges in Citrix SD-WAN Center versions before 11.2.2, 11.1.2b and 10.2.8"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Relative Path Traversal (CWE-23)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.citrix.com/article/CTX285061",
"refsource": "MISC",
"url": "https://support.citrix.com/article/CTX285061"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2020-8271",
"datePublished": "2020-11-16T00:32:58.000Z",
"dateReserved": "2020-01-28T00:00:00.000Z",
"dateUpdated": "2024-08-04T09:56:28.218Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8570 (GCVE-0-2020-8570)
Vulnerability from cvelistv5 – Published: 2021-01-21 17:09 – Updated: 2024-09-16 22:01
VLAI
Title
Kubernetes Java client libraries unvalidated path traversal in Copy implementation
Summary
Kubernetes Java client libraries in version 10.0.0 and versions prior to 9.0.1 allow writes to paths outside of the current directory when copying multiple files from a remote pod which sends a maliciously crafted archive. This can potentially overwrite any files on the system of the process executing the client code.
Severity
No CVSS data available.
CWE
- CWE-23 - Relative Path Traversal
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://groups.google.com/g/kubernetes-security-a… | x_refsource_MISC |
| https://github.com/kubernetes-client/java/issues/1491 | x_refsource_MISC |
| https://lists.apache.org/thread.html/rcafa485d635… | mailing-listx_refsource_MLIST |
| https://lists.apache.org/thread.html/r0c76b3d0be3… | mailing-listx_refsource_MLIST |
| https://lists.apache.org/thread.html/rdb223e1b82e… | mailing-listx_refsource_MLIST |
| https://lists.apache.org/thread.html/r1975078e44d… | mailing-listx_refsource_MLIST |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Kubernetes | Kubernetes Java Client |
Affected:
all versions prior to 9.0
Affected: 9.0 , < 9.0.2 (custom) Affected: 10.0 , < 10.0.1 (custom) |
Date Public
2021-01-11 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:03:46.133Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://groups.google.com/g/kubernetes-security-announce/c/sd5h73sFPrg"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/kubernetes-client/java/issues/1491"
},
{
"name": "[druid-commits] 20210201 [GitHub] [druid] jon-wei opened a new pull request #10826: Address CVE-2020-8570, suppress CVE-2020-8554",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rcafa485d63550657f068775801aeb706b7a07140a8ebbdef822b3bb3%40%3Ccommits.druid.apache.org%3E"
},
{
"name": "[druid-commits] 20210202 [GitHub] [druid] jon-wei opened a new pull request #10826: Address CVE-2020-8570, suppress CVE-2020-8554",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r0c76b3d0be348f788cd947054141de0229af00c540564711e828fd40%40%3Ccommits.druid.apache.org%3E"
},
{
"name": "[druid-commits] 20210203 [GitHub] [druid] jihoonson commented on pull request #10826: Address CVE-2020-8570, suppress CVE-2020-8554",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rdb223e1b82e3d7d8e4eaddce8dd1ab87252e3935cc41c859f49767b6%40%3Ccommits.druid.apache.org%3E"
},
{
"name": "[druid-commits] 20210203 [GitHub] [druid] jihoonson merged pull request #10826: Address CVE-2020-8570, suppress CVE-2020-8554",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r1975078e44d96f2a199aa90aa874b57a202eaf7f25f2fde6d1c44942%40%3Ccommits.druid.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kubernetes Java Client",
"vendor": "Kubernetes",
"versions": [
{
"status": "affected",
"version": "all versions prior to 9.0"
},
{
"lessThan": "9.0.2",
"status": "affected",
"version": "9.0",
"versionType": "custom"
},
{
"lessThan": "10.0.1",
"status": "affected",
"version": "10.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered via CodeQL automated scanning on GitHub"
}
],
"datePublic": "2021-01-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Kubernetes Java client libraries in version 10.0.0 and versions prior to 9.0.1 allow writes to paths outside of the current directory when copying multiple files from a remote pod which sends a maliciously crafted archive. This can potentially overwrite any files on the system of the process executing the client code."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23 Relative Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-04T00:06:10.000Z",
"orgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"shortName": "kubernetes"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://groups.google.com/g/kubernetes-security-announce/c/sd5h73sFPrg"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kubernetes-client/java/issues/1491"
},
{
"name": "[druid-commits] 20210201 [GitHub] [druid] jon-wei opened a new pull request #10826: Address CVE-2020-8570, suppress CVE-2020-8554",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rcafa485d63550657f068775801aeb706b7a07140a8ebbdef822b3bb3%40%3Ccommits.druid.apache.org%3E"
},
{
"name": "[druid-commits] 20210202 [GitHub] [druid] jon-wei opened a new pull request #10826: Address CVE-2020-8570, suppress CVE-2020-8554",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r0c76b3d0be348f788cd947054141de0229af00c540564711e828fd40%40%3Ccommits.druid.apache.org%3E"
},
{
"name": "[druid-commits] 20210203 [GitHub] [druid] jihoonson commented on pull request #10826: Address CVE-2020-8570, suppress CVE-2020-8554",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rdb223e1b82e3d7d8e4eaddce8dd1ab87252e3935cc41c859f49767b6%40%3Ccommits.druid.apache.org%3E"
},
{
"name": "[druid-commits] 20210203 [GitHub] [druid] jihoonson merged pull request #10826: Address CVE-2020-8570, suppress CVE-2020-8554",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r1975078e44d96f2a199aa90aa874b57a202eaf7f25f2fde6d1c44942%40%3Ccommits.druid.apache.org%3E"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to 9.0.2, 10.0.1 or 11.0.0 versions of the library."
}
],
"source": {
"defect": [
"https://github.com/kubernetes-client/java/issues/1491"
],
"discovery": "UNKNOWN"
},
"title": "Kubernetes Java client libraries unvalidated path traversal in Copy implementation",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@kubernetes.io",
"DATE_PUBLIC": "2021-01-11T23:15:00.000Z",
"ID": "CVE-2020-8570",
"STATE": "PUBLIC",
"TITLE": "Kubernetes Java client libraries unvalidated path traversal in Copy implementation"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kubernetes Java Client",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "9.0",
"version_value": "9.0.2"
},
{
"version_affected": "\u003c",
"version_name": "10.0",
"version_value": "10.0.1"
},
{
"version_value": "all versions prior to 9.0"
}
]
}
}
]
},
"vendor_name": "Kubernetes"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Discovered via CodeQL automated scanning on GitHub"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Kubernetes Java client libraries in version 10.0.0 and versions prior to 9.0.1 allow writes to paths outside of the current directory when copying multiple files from a remote pod which sends a maliciously crafted archive. This can potentially overwrite any files on the system of the process executing the client code."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-23 Relative Path Traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://groups.google.com/g/kubernetes-security-announce/c/sd5h73sFPrg",
"refsource": "MISC",
"url": "https://groups.google.com/g/kubernetes-security-announce/c/sd5h73sFPrg"
},
{
"name": "https://github.com/kubernetes-client/java/issues/1491",
"refsource": "MISC",
"url": "https://github.com/kubernetes-client/java/issues/1491"
},
{
"name": "[druid-commits] 20210201 [GitHub] [druid] jon-wei opened a new pull request #10826: Address CVE-2020-8570, suppress CVE-2020-8554",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rcafa485d63550657f068775801aeb706b7a07140a8ebbdef822b3bb3@%3Ccommits.druid.apache.org%3E"
},
{
"name": "[druid-commits] 20210202 [GitHub] [druid] jon-wei opened a new pull request #10826: Address CVE-2020-8570, suppress CVE-2020-8554",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r0c76b3d0be348f788cd947054141de0229af00c540564711e828fd40@%3Ccommits.druid.apache.org%3E"
},
{
"name": "[druid-commits] 20210203 [GitHub] [druid] jihoonson commented on pull request #10826: Address CVE-2020-8570, suppress CVE-2020-8554",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rdb223e1b82e3d7d8e4eaddce8dd1ab87252e3935cc41c859f49767b6@%3Ccommits.druid.apache.org%3E"
},
{
"name": "[druid-commits] 20210203 [GitHub] [druid] jihoonson merged pull request #10826: Address CVE-2020-8570, suppress CVE-2020-8554",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r1975078e44d96f2a199aa90aa874b57a202eaf7f25f2fde6d1c44942@%3Ccommits.druid.apache.org%3E"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade to 9.0.2, 10.0.1 or 11.0.0 versions of the library."
}
],
"source": {
"defect": [
"https://github.com/kubernetes-client/java/issues/1491"
],
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"assignerShortName": "kubernetes",
"cveId": "CVE-2020-8570",
"datePublished": "2021-01-21T17:09:21.689Z",
"dateReserved": "2020-02-03T00:00:00.000Z",
"dateUpdated": "2024-09-16T22:01:55.884Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8865 (GCVE-0-2020-8865)
Vulnerability from cvelistv5 – Published: 2020-03-23 20:15 – Updated: 2024-08-04 10:12
VLAI
Summary
This vulnerability allows remote attackers to execute local PHP files on affected installations of Horde Groupware Webmail Edition 5.2.22. Authentication is required to exploit this vulnerability. The specific flaw exists within edit.php. When parsing the params[template] parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the www-data user. Was ZDI-CAN-10469.
Severity
6.3 (Medium)
CWE
- CWE-23 - Relative Path Traversal
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_refsource_MISC |
| https://lists.debian.org/debian-lts-announce/2020… | mailing-listx_refsource_MLIST |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Horde | Groupware Webmail Edition |
Affected:
5.2.22
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:12:10.978Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-276/"
},
{
"name": "[debian-lts-announce] 20200415 [SECURITY] [DLA 2175-1] php-horde-trean security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00009.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Groupware Webmail Edition",
"vendor": "Horde",
"versions": [
{
"status": "affected",
"version": "5.2.22"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Andrea Cardaci"
}
],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows remote attackers to execute local PHP files on affected installations of Horde Groupware Webmail Edition 5.2.22. Authentication is required to exploit this vulnerability. The specific flaw exists within edit.php. When parsing the params[template] parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the www-data user. Was ZDI-CAN-10469."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23: Relative Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-15T04:06:00.000Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-276/"
},
{
"name": "[debian-lts-announce] 20200415 [SECURITY] [DLA 2175-1] php-horde-trean security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00009.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2020-8865",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Groupware Webmail Edition",
"version": {
"version_data": [
{
"version_value": "5.2.22"
}
]
}
}
]
},
"vendor_name": "Horde"
}
]
}
},
"credit": "Andrea Cardaci",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to execute local PHP files on affected installations of Horde Groupware Webmail Edition 5.2.22. Authentication is required to exploit this vulnerability. The specific flaw exists within edit.php. When parsing the params[template] parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the www-data user. Was ZDI-CAN-10469."
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-23: Relative Path Traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-276/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-276/"
},
{
"name": "[debian-lts-announce] 20200415 [SECURITY] [DLA 2175-1] php-horde-trean security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00009.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2020-8865",
"datePublished": "2020-03-23T20:15:17.000Z",
"dateReserved": "2020-02-11T00:00:00.000Z",
"dateUpdated": "2024-08-04T10:12:10.978Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20040 (GCVE-0-2021-20040)
Vulnerability from cvelistv5 – Published: 2021-12-08 09:55 – Updated: 2024-08-03 17:30
VLAI
Summary
A relative path traversal vulnerability in the SMA100 upload funtion allows a remote unauthenticated attacker to upload crafted web pages or files as a 'nobody' user. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances.
Severity
No CVSS data available.
CWE
- CWE-23 - Relative Path Traversal
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://psirt.global.sonicwall.com/vuln-detail/SN… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SonicWall | SonicWall SMA100 |
Affected:
10.2.0.8-37sv and earlier
Affected: 10.2.1.1-19sv and earlier Affected: 10.2.1.2-24sv and earlier |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:30:07.370Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0026"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SonicWall SMA100",
"vendor": "SonicWall",
"versions": [
{
"status": "affected",
"version": "10.2.0.8-37sv and earlier"
},
{
"status": "affected",
"version": "10.2.1.1-19sv and earlier"
},
{
"status": "affected",
"version": "10.2.1.2-24sv and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A relative path traversal vulnerability in the SMA100 upload funtion allows a remote unauthenticated attacker to upload crafted web pages or files as a \u0027nobody\u0027 user. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23: Relative Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-08T09:55:23.000Z",
"orgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
"shortName": "sonicwall"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0026"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT@sonicwall.com",
"ID": "CVE-2021-20040",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SonicWall SMA100",
"version": {
"version_data": [
{
"version_value": "10.2.0.8-37sv and earlier"
},
{
"version_value": "10.2.1.1-19sv and earlier"
},
{
"version_value": "10.2.1.2-24sv and earlier"
}
]
}
}
]
},
"vendor_name": "SonicWall"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A relative path traversal vulnerability in the SMA100 upload funtion allows a remote unauthenticated attacker to upload crafted web pages or files as a \u0027nobody\u0027 user. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-23: Relative Path Traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0026",
"refsource": "CONFIRM",
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0026"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
"assignerShortName": "sonicwall",
"cveId": "CVE-2021-20040",
"datePublished": "2021-12-08T09:55:23.000Z",
"dateReserved": "2020-12-17T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:30:07.370Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation ID: MIT-5.1
Phase: Implementation
Strategy: Input Validation
Description:
- Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
- When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
- Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
- When validating filenames, use stringent allowlists that limit the character set to be used. If feasible, only allow a single "." character in the filename to avoid weaknesses such as CWE-23, and exclude directory separators such as "/" to avoid CWE-36. Use a list of allowable file extensions, which will help to avoid CWE-434.
- Do not rely exclusively on a filtering mechanism that removes potentially dangerous characters. This is equivalent to a denylist, which may be incomplete (CWE-184). For example, filtering "/" is insufficient protection if the filesystem also supports the use of "\" as a directory separator. Another possible error could occur when the filtering is applied in a way that still produces dangerous data (CWE-182). For example, if "../" sequences are removed from the ".../...//" string in a sequential fashion, two instances of "../" would be removed from the original string, but the remaining characters would still form the "../" string.
Mitigation ID: MIT-20.1
Phase: Implementation
Strategy: Input Validation
Description:
- Inputs should be decoded and canonicalized to the application's current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked.
- Use a built-in path canonicalization function (such as realpath() in C) that produces the canonical version of the pathname, which effectively removes ".." sequences and symbolic links (CWE-23, CWE-59). This includes:
- realpath() in C
- getCanonicalPath() in Java
- GetFullPath() in ASP.NET
- realpath() or abs_path() in Perl
- realpath() in PHP
Mitigation ID: MIT-29
Phase: Operation
Strategy: Firewall
Description:
- Use an application firewall that can detect attacks against this weakness. It can be beneficial in cases in which the code cannot be fixed (because it is controlled by a third party), as an emergency prevention measure while more comprehensive software assurance measures are applied, or to provide defense in depth [REF-1481].
CAPEC-139: Relative Path Traversal
An attacker exploits a weakness in input validation on the target by supplying a specially constructed path utilizing dot and slash characters for the purpose of obtaining access to arbitrary files or resources. An attacker modifies a known path on the target in order to reach material that is not available through intended channels. These attacks normally involve adding additional path separators (/ or \) and/or dots (.), or encodings thereof, in various combinations in order to reach parent directories or entirely separate trees of the target's directory structure.
CAPEC-76: Manipulating Web Input to File System Calls
An attacker manipulates inputs to the target software which the target software passes to file system calls in the OS. The goal is to gain access to, and perhaps modify, areas of the file system that the target software did not intend to be accessible.