CWE-24
Path Traversal: '../filedir'
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize "../" sequences that can resolve to a location that is outside of that directory.
CVE-2021-33036 (GCVE-0-2021-33036)
Vulnerability from cvelistv5 – Published: 2022-06-15 14:25 – Updated: 2024-08-03 23:42
VLAI
Title
Apache Hadoop Privilege escalation vulnerability
Summary
In Apache Hadoop 2.2.0 to 2.10.1, 3.0.0-alpha1 to 3.1.4, 3.2.0 to 3.2.2, and 3.3.0 to 3.3.1, a user who can escalate to yarn user can possibly run arbitrary commands as root user. Users should upgrade to Apache Hadoop 2.10.2, 3.2.3, 3.3.2 or higher.
Severity
No CVSS data available.
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://lists.apache.org/thread/ctr84rmo3xd2tzqcx… | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2022/06/15/2 | mailing-listx_refsource_MLIST |
| https://security.netapp.com/advisory/ntap-2022072… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Apache Software Foundation | Apache Hadoop |
Affected:
2.2.0 to 2.10.1, 3.0.0-alpha1 to 3.1.4, 3.2.0 to 3.2.2, and 3.3.0 to 3.3.1
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:42:19.282Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.apache.org/thread/ctr84rmo3xd2tzqcx2b277c8z692vhl5"
},
{
"name": "[oss-security] 20220615 CVE-2021-33036: Apache Hadoop Privilege escalation vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/06/15/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220722-0003/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache Hadoop",
"vendor": "Apache Software Foundation",
"versions": [
{
"status": "affected",
"version": "2.2.0 to 2.10.1, 3.0.0-alpha1 to 3.1.4, 3.2.0 to 3.2.2, and 3.3.0 to 3.3.1"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Apache Hadoop would like to thank Hideyuki Furue for reporting and fixing this issue."
}
],
"descriptions": [
{
"lang": "en",
"value": "In Apache Hadoop 2.2.0 to 2.10.1, 3.0.0-alpha1 to 3.1.4, 3.2.0 to 3.2.2, and 3.3.0 to 3.3.1, a user who can escalate to yarn user can possibly run arbitrary commands as root user. Users should upgrade to Apache Hadoop 2.10.2, 3.2.3, 3.3.2 or higher."
}
],
"metrics": [
{
"other": {
"content": {
"other": "Critical"
},
"type": "unknown"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-264",
"description": "CWE-264 Permissions, Privileges, and Access Controls",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-24",
"description": "CWE-24 Path Traversal: \u0027../filedir\u0027",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-22T18:07:41.000Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread/ctr84rmo3xd2tzqcx2b277c8z692vhl5"
},
{
"name": "[oss-security] 20220615 CVE-2021-33036: Apache Hadoop Privilege escalation vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2022/06/15/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20220722-0003/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache Hadoop Privilege escalation vulnerability",
"workarounds": [
{
"lang": "en",
"value": "If you are using the affected version of Apache Hadoop and some users can escalate to yarn user and cannot escalate to root user, remove the permission to escalate to yarn user from them."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2021-33036",
"STATE": "PUBLIC",
"TITLE": "Apache Hadoop Privilege escalation vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Hadoop",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2.2.0 to 2.10.1, 3.0.0-alpha1 to 3.1.4, 3.2.0 to 3.2.2, and 3.3.0 to 3.3.1"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Apache Hadoop would like to thank Hideyuki Furue for reporting and fixing this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Apache Hadoop 2.2.0 to 2.10.1, 3.0.0-alpha1 to 3.1.4, 3.2.0 to 3.2.2, and 3.3.0 to 3.3.1, a user who can escalate to yarn user can possibly run arbitrary commands as root user. Users should upgrade to Apache Hadoop 2.10.2, 3.2.3, 3.3.2 or higher."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": [
{
"other": "Critical"
}
],
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-264 Permissions, Privileges, and Access Controls"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-24 Path Traversal: \u0027../filedir\u0027"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lists.apache.org/thread/ctr84rmo3xd2tzqcx2b277c8z692vhl5",
"refsource": "MISC",
"url": "https://lists.apache.org/thread/ctr84rmo3xd2tzqcx2b277c8z692vhl5"
},
{
"name": "[oss-security] 20220615 CVE-2021-33036: Apache Hadoop Privilege escalation vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2022/06/15/2"
},
{
"name": "https://security.netapp.com/advisory/ntap-20220722-0003/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20220722-0003/"
}
]
},
"source": {
"discovery": "UNKNOWN"
},
"work_around": [
{
"lang": "en",
"value": "If you are using the affected version of Apache Hadoop and some users can escalate to yarn user and cannot escalate to root user, remove the permission to escalate to yarn user from them."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2021-33036",
"datePublished": "2022-06-15T14:25:14.000Z",
"dateReserved": "2021-05-17T00:00:00.000Z",
"dateUpdated": "2024-08-03T23:42:19.282Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3710 (GCVE-0-2021-3710)
Vulnerability from cvelistv5 – Published: 2021-10-01 02:35 – Updated: 2024-09-17 01:41
VLAI
Title
Apport info disclosure via path traversal bug in read_file
Summary
An information disclosure via path traversal was discovered in apport/hookutils.py function read_file(). This issue affects: apport 2.14.1 versions prior to 2.14.1-0ubuntu3.29+esm8; 2.20.1 versions prior to 2.20.1-0ubuntu2.30+esm2; 2.20.9 versions prior to 2.20.9-0ubuntu7.26; 2.20.11 versions prior to 2.20.11-0ubuntu27.20; 2.20.11 versions prior to 2.20.11-0ubuntu65.3;
Severity
6.5 (Medium)
CWE
- CWE-24 - Path Traversal: '../filedir'
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://ubuntu.com/security/notices/USN-5077-1 | x_refsource_MISC |
| https://ubuntu.com/security/notices/USN-5077-2 | x_refsource_MISC |
| https://cve.mitre.org/cgi-bin/cvename.cgi?name=CV… | x_refsource_MISC |
| https://bugs.launchpad.net/ubuntu/+source/apport/… | x_refsource_MISC |
Impacted products
Date Public
2021-09-14 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:01:08.314Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ubuntu.com/security/notices/USN-5077-1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ubuntu.com/security/notices/USN-5077-2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3710"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1933832"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "apport",
"vendor": "Canonical",
"versions": [
{
"lessThan": "2.14.1-0ubuntu3.29+esm8",
"status": "affected",
"version": "2.14.1",
"versionType": "custom"
},
{
"lessThan": "2.20.1-0ubuntu2.30+esm2",
"status": "affected",
"version": "2.20.1",
"versionType": "custom"
},
{
"lessThan": "2.20.9-0ubuntu7.26",
"status": "affected",
"version": "2.20.9",
"versionType": "custom"
},
{
"changes": [
{
"at": "2.20.11-0ubuntu65.3",
"status": "unaffected"
}
],
"lessThan": "2.20.11-0ubuntu27.20",
"status": "affected",
"version": "2.20.11",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Stephen R\u00f6ttger (@_tsuro)"
},
{
"lang": "en",
"value": "Maik M\u00fcnch (maik@secfault-security.com)(@fktio)"
}
],
"datePublic": "2021-09-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An information disclosure via path traversal was discovered in apport/hookutils.py function read_file(). This issue affects: apport 2.14.1 versions prior to 2.14.1-0ubuntu3.29+esm8; 2.20.1 versions prior to 2.20.1-0ubuntu2.30+esm2; 2.20.9 versions prior to 2.20.9-0ubuntu7.26; 2.20.11 versions prior to 2.20.11-0ubuntu27.20; 2.20.11 versions prior to 2.20.11-0ubuntu65.3;"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-24",
"description": "CWE-24 Path Traversal: \u0027../filedir\u0027",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-01T02:35:22.000Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ubuntu.com/security/notices/USN-5077-1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ubuntu.com/security/notices/USN-5077-2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3710"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1933832"
}
],
"source": {
"advisory": "https://ubuntu.com/security/notices/USN-5077-1",
"defect": [
"https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1933832"
],
"discovery": "EXTERNAL"
},
"title": "Apport info disclosure via path traversal bug in read_file",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"DATE_PUBLIC": "2021-09-14T00:00:00.000Z",
"ID": "CVE-2021-3710",
"STATE": "PUBLIC",
"TITLE": "Apport info disclosure via path traversal bug in read_file"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "apport",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2.14.1",
"version_value": "2.14.1-0ubuntu3.29+esm8"
},
{
"version_affected": "\u003c",
"version_name": "2.20.1",
"version_value": "2.20.1-0ubuntu2.30+esm2"
},
{
"version_affected": "\u003c",
"version_name": "2.20.9",
"version_value": "2.20.9-0ubuntu7.26"
},
{
"version_affected": "\u003c",
"version_name": "2.20.11",
"version_value": "2.20.11-0ubuntu27.20"
},
{
"version_affected": "\u003c",
"version_name": "2.20.11",
"version_value": "2.20.11-0ubuntu65.3"
}
]
}
}
]
},
"vendor_name": "Canonical"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Stephen R\u00f6ttger (@_tsuro)"
},
{
"lang": "eng",
"value": "Maik M\u00fcnch (maik@secfault-security.com)(@fktio)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An information disclosure via path traversal was discovered in apport/hookutils.py function read_file(). This issue affects: apport 2.14.1 versions prior to 2.14.1-0ubuntu3.29+esm8; 2.20.1 versions prior to 2.20.1-0ubuntu2.30+esm2; 2.20.9 versions prior to 2.20.9-0ubuntu7.26; 2.20.11 versions prior to 2.20.11-0ubuntu27.20; 2.20.11 versions prior to 2.20.11-0ubuntu65.3;"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-24 Path Traversal: \u0027../filedir\u0027"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ubuntu.com/security/notices/USN-5077-1",
"refsource": "MISC",
"url": "https://ubuntu.com/security/notices/USN-5077-1"
},
{
"name": "https://ubuntu.com/security/notices/USN-5077-2",
"refsource": "MISC",
"url": "https://ubuntu.com/security/notices/USN-5077-2"
},
{
"name": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3710",
"refsource": "MISC",
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3710"
},
{
"name": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1933832",
"refsource": "MISC",
"url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1933832"
}
]
},
"source": {
"advisory": "https://ubuntu.com/security/notices/USN-5077-1",
"defect": [
"https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1933832"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2021-3710",
"datePublished": "2021-10-01T02:35:22.911Z",
"dateReserved": "2021-08-16T00:00:00.000Z",
"dateUpdated": "2024-09-17T01:41:25.529Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1743 (GCVE-0-2022-1743)
Vulnerability from cvelistv5 – Published: 2022-06-24 15:00 – Updated: 2025-04-17 18:47
VLAI
Title
2.2.5 PATH TRAVERSAL: '../FILEDIR' CWE-24
Summary
The tested version of Dominion Voting System ImageCast X can be manipulated to cause arbitrary code execution by specially crafted election definition files. An attacker could leverage this vulnerability to spread malicious code to ImageCast X devices from the EMS.
Severity
6.8 (Medium)
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.cisa.gov/uscert/ics/advisories/icsa-2… | x_refsource_MISC |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Dominion Voting System | ImageCast X application |
Affected:
Version 5.5-A Versions 5.5.10.30 and 5.5.10.32
|
|
| Dominion Voting System | ImageCast X firmware |
Affected:
Version 5.5-A
|
Date Public
2022-06-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:16:59.959Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-154-01"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-1743",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-17T15:56:21.191704Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-17T18:47:03.677Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ImageCast X application",
"vendor": "Dominion Voting System",
"versions": [
{
"status": "affected",
"version": "Version 5.5-A Versions 5.5.10.30 and 5.5.10.32"
}
]
},
{
"product": "ImageCast X firmware",
"vendor": "Dominion Voting System",
"versions": [
{
"status": "affected",
"version": "Version 5.5-A"
}
]
}
],
"datePublic": "2022-06-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The tested version of Dominion Voting System ImageCast X can be manipulated to cause arbitrary code execution by specially crafted election definition files. An attacker could leverage this vulnerability to spread malicious code to ImageCast X devices from the EMS."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-24",
"description": "CWE-24",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-24T15:00:25.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-154-01"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "2.2.5 PATH TRAVERSAL: \u0027../FILEDIR\u0027 CWE-24",
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "",
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "20220603T06:00:00.000000Z",
"ID": "CVE-2022-1743",
"STATE": "PUBLIC",
"TITLE": "2.2.5 PATH TRAVERSAL: \u0027../FILEDIR\u0027 CWE-24"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ImageCast X application",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "Version 5.5-A",
"version_value": "Versions 5.5.10.30 and 5.5.10.32"
}
]
}
}
]
},
"vendor_name": "Dominion Voting System"
},
{
"product": {
"product_data": [
{
"product_name": "ImageCast X firmware",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "",
"version_value": "Version 5.5-A"
}
]
}
}
]
},
"vendor_name": "Dominion Voting System"
}
]
}
},
"credit": [],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The tested version of Dominion Voting System ImageCast X can be manipulated to cause arbitrary code execution by specially crafted election definition files. An attacker could leverage this vulnerability to spread malicious code to ImageCast X devices from the EMS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-24"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-154-01",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-154-01"
}
]
},
"solution": [],
"source": {
"advisory": "",
"defect": [],
"discovery": "UNKNOWN"
},
"work_around": []
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-1743",
"datePublished": "2022-06-24T15:00:25.427Z",
"dateReserved": "2022-05-16T00:00:00.000Z",
"dateUpdated": "2025-04-17T18:47:03.677Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-20656 (GCVE-0-2022-20656)
Vulnerability from cvelistv5 – Published: 2024-11-15 15:36 – Updated: 2024-11-15 16:22
VLAI
Title
Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Path Traversal Vulnerability
Summary
A vulnerability in the web-based management interface of Cisco PI and Cisco EPNM could allow an authenticated, remote attacker to conduct a path traversal attack on an affected device. To exploit this vulnerability, the attacker must have valid credentials on the system.
This vulnerability is due to insufficient input validation of the HTTPS URL by the web-based management interface. An attacker could exploit this vulnerability by sending a crafted request that contains directory traversal character sequences to an affected device. A successful exploit could allow the attacker to write arbitrary files to the host system.
Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.
Severity
6.5 (Medium)
CWE
- CWE-24 - Path Traversal: '../filedir'
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Cisco | Cisco Evolved Programmable Network Manager (EPNM) |
Affected:
3.0.1
Affected: 3.1.2 Affected: 1.2 Affected: 3.1.1 Affected: 3.1.3 Affected: 3.1 Affected: 3.0.3 Affected: 3.0.2 Affected: 3.0 Affected: 2.2 Affected: 1.1 Affected: 2.1 Affected: 2.0 Affected: 4.1 Affected: 4.1.1 Affected: 4.0.3 Affected: 4.0.1 Affected: 4.0.2 Affected: 4.0 Affected: 5.0 Affected: 5.0.1 Affected: 5.1.1 Affected: 5.1 Affected: 5.0.2 Affected: 5.1.2 |
|
| Cisco | Cisco Prime Infrastructure |
Affected:
3.0.0
Affected: 3.1.0 Affected: 3.1.5 Affected: 2.1 Affected: 2.0.0 Affected: 3.6.0 Affected: 3.7.0 Affected: 3.4.0 Affected: 3.3.0 Affected: 3.2 Affected: 3.5.0 Affected: 3.2.0-FIPS Affected: 2.2 Affected: 3.8.0-FED Affected: 3.9.0 Affected: 3.8.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-20656",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-15T16:22:22.303656Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T16:22:46.877Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Evolved Programmable Network Manager (EPNM)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "3.0.1"
},
{
"status": "affected",
"version": "3.1.2"
},
{
"status": "affected",
"version": "1.2"
},
{
"status": "affected",
"version": "3.1.1"
},
{
"status": "affected",
"version": "3.1.3"
},
{
"status": "affected",
"version": "3.1"
},
{
"status": "affected",
"version": "3.0.3"
},
{
"status": "affected",
"version": "3.0.2"
},
{
"status": "affected",
"version": "3.0"
},
{
"status": "affected",
"version": "2.2"
},
{
"status": "affected",
"version": "1.1"
},
{
"status": "affected",
"version": "2.1"
},
{
"status": "affected",
"version": "2.0"
},
{
"status": "affected",
"version": "4.1"
},
{
"status": "affected",
"version": "4.1.1"
},
{
"status": "affected",
"version": "4.0.3"
},
{
"status": "affected",
"version": "4.0.1"
},
{
"status": "affected",
"version": "4.0.2"
},
{
"status": "affected",
"version": "4.0"
},
{
"status": "affected",
"version": "5.0"
},
{
"status": "affected",
"version": "5.0.1"
},
{
"status": "affected",
"version": "5.1.1"
},
{
"status": "affected",
"version": "5.1"
},
{
"status": "affected",
"version": "5.0.2"
},
{
"status": "affected",
"version": "5.1.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco Prime Infrastructure",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "3.0.0"
},
{
"status": "affected",
"version": "3.1.0"
},
{
"status": "affected",
"version": "3.1.5"
},
{
"status": "affected",
"version": "2.1"
},
{
"status": "affected",
"version": "2.0.0"
},
{
"status": "affected",
"version": "3.6.0"
},
{
"status": "affected",
"version": "3.7.0"
},
{
"status": "affected",
"version": "3.4.0"
},
{
"status": "affected",
"version": "3.3.0"
},
{
"status": "affected",
"version": "3.2"
},
{
"status": "affected",
"version": "3.5.0"
},
{
"status": "affected",
"version": "3.2.0-FIPS"
},
{
"status": "affected",
"version": "2.2"
},
{
"status": "affected",
"version": "3.8.0-FED"
},
{
"status": "affected",
"version": "3.9.0"
},
{
"status": "affected",
"version": "3.8.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco\u0026nbsp;PI and Cisco\u0026nbsp;EPNM could allow an authenticated, remote attacker to conduct a path traversal attack on an affected device. To exploit this vulnerability, the attacker must have valid credentials on the system.\r\n\r\nThis vulnerability is due to insufficient input validation of the HTTPS URL by the web-based management interface. An attacker could exploit this vulnerability by sending a crafted request that contains directory traversal character sequences to an affected device. A successful exploit could allow the attacker to write arbitrary files to the host system.\r\nCisco\u0026nbsp;has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco\u00a0PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-24",
"description": "Path Traversal: \u0027../filedir\u0027",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T15:36:09.274Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-pi-epnm-path-trav-zws324yn",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-path-trav-zws324yn"
},
{
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sna-xss-NXOxDhRQ\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eAttention\u003c/strong\u003e: Simplifying the Cisco\u0026nbsp;portfolio includes the renaming of security products under one brand: Cisco\u0026nbsp;Secure. For more information, see \u003ca href=\"https://www.cisco.com/c/en/us/products/security/secure-names.html\"\u003eMeet Cisco\u0026nbsp;Secure",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sna-xss-NXOxDhRQ"
}
],
"source": {
"advisory": "cisco-sa-pi-epnm-path-trav-zws324yn",
"defects": [
"CSCvz43433"
],
"discovery": "EXTERNAL"
},
"title": "Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Path Traversal Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2022-20656",
"datePublished": "2024-11-15T15:36:09.274Z",
"dateReserved": "2021-11-02T13:28:29.040Z",
"dateUpdated": "2024-11-15T16:22:46.877Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-29253 (GCVE-0-2022-29253)
Vulnerability from cvelistv5 – Published: 2022-05-25 20:55 – Updated: 2025-04-23 18:21
VLAI
Title
Path Traversal in XWiki Platform
Summary
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting with version 8.3-rc-1 and prior to versions 12.10.3 and 14.0, one can ask for any file located in the classloader using the template API and a path with ".." in it. The issue is patched in versions 14.0 and 13.10.3. There is no easy workaround for this issue.
Severity
CWE
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/xwiki/xwiki-platform/security/… | x_refsource_CONFIRM |
| https://github.com/xwiki/xwiki-platform/commit/49… | x_refsource_MISC |
| https://jira.xwiki.org/browse/XWIKI-19349 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| xwiki | xwiki-platform |
Affected:
>= 8.3-rc-1, < 13.10.3
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:17:54.535Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-9qrp-h7fw-42hg"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/xwiki/xwiki-platform/commit/4917c8f355717bb636d763844528b1fe0f95e8e2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jira.xwiki.org/browse/XWIKI-19349"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-29253",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T14:06:44.266704Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T18:21:49.180Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "xwiki-platform",
"vendor": "xwiki",
"versions": [
{
"status": "affected",
"version": "\u003e= 8.3-rc-1, \u003c 13.10.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting with version 8.3-rc-1 and prior to versions 12.10.3 and 14.0, one can ask for any file located in the classloader using the template API and a path with \"..\" in it. The issue is patched in versions 14.0 and 13.10.3. There is no easy workaround for this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-24",
"description": "CWE-24: Path Traversal: \u0027../filedir\u0027",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-25T20:55:10.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-9qrp-h7fw-42hg"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/xwiki/xwiki-platform/commit/4917c8f355717bb636d763844528b1fe0f95e8e2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jira.xwiki.org/browse/XWIKI-19349"
}
],
"source": {
"advisory": "GHSA-9qrp-h7fw-42hg",
"discovery": "UNKNOWN"
},
"title": "Path Traversal in XWiki Platform",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-29253",
"STATE": "PUBLIC",
"TITLE": "Path Traversal in XWiki Platform"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "xwiki-platform",
"version": {
"version_data": [
{
"version_value": "\u003e= 8.3-rc-1, \u003c 13.10.3"
}
]
}
}
]
},
"vendor_name": "xwiki"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting with version 8.3-rc-1 and prior to versions 12.10.3 and 14.0, one can ask for any file located in the classloader using the template API and a path with \"..\" in it. The issue is patched in versions 14.0 and 13.10.3. There is no easy workaround for this issue."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-24: Path Traversal: \u0027../filedir\u0027"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-9qrp-h7fw-42hg",
"refsource": "CONFIRM",
"url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-9qrp-h7fw-42hg"
},
{
"name": "https://github.com/xwiki/xwiki-platform/commit/4917c8f355717bb636d763844528b1fe0f95e8e2",
"refsource": "MISC",
"url": "https://github.com/xwiki/xwiki-platform/commit/4917c8f355717bb636d763844528b1fe0f95e8e2"
},
{
"name": "https://jira.xwiki.org/browse/XWIKI-19349",
"refsource": "MISC",
"url": "https://jira.xwiki.org/browse/XWIKI-19349"
}
]
},
"source": {
"advisory": "GHSA-9qrp-h7fw-42hg",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-29253",
"datePublished": "2022-05-25T20:55:10.000Z",
"dateReserved": "2022-04-13T00:00:00.000Z",
"dateUpdated": "2025-04-23T18:21:49.180Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-36065 (GCVE-0-2022-36065)
Vulnerability from cvelistv5 – Published: 2022-09-06 21:05 – Updated: 2025-04-23 17:14
VLAI
Title
GrowthBook account creation and file upload vulnerability in self-hosted configurations
Summary
GrowthBook is an open-source platform for feature flagging and A/B testing. With some self-hosted configurations in versions prior to 2022-08-29, attackers can register new accounts and upload files to arbitrary directories within the container. If the attacker uploads a Python script to the right location, they can execute arbitrary code within the container. To be affected, ALL of the following must be true: Self-hosted deployment (GrowthBook Cloud is unaffected); using local file uploads (as opposed to S3 or Google Cloud Storage); NODE_ENV set to a non-production value and JWT_SECRET set to an easily guessable string like `dev`. This issue is patched in commit 1a5edff8786d141161bf880c2fd9ccbe2850a264 (2022-08-29). As a workaround, set `JWT_SECRET` environment variable to a long random string. This will stop arbitrary file uploads, but the only way to stop attackers from registering accounts is by updating to the latest build.
Severity
7.5 (High)
CWE
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/growthbook/growthbook/security… | x_refsource_CONFIRM |
| https://github.com/growthbook/growthbook/pull/487 | x_refsource_MISC |
| https://github.com/growthbook/growthbook/commit/1… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| growthbook | growthbook |
Affected:
< 2022-08-29
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:52:00.501Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/growthbook/growthbook/security/advisories/GHSA-j24q-55xh-wm4r"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/growthbook/growthbook/pull/487"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/growthbook/growthbook/commit/1a5edff8786d141161bf880c2fd9ccbe2850a264"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-36065",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T15:49:47.356933Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T17:14:18.040Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "growthbook",
"vendor": "growthbook",
"versions": [
{
"status": "affected",
"version": "\u003c 2022-08-29"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GrowthBook is an open-source platform for feature flagging and A/B testing. With some self-hosted configurations in versions prior to 2022-08-29, attackers can register new accounts and upload files to arbitrary directories within the container. If the attacker uploads a Python script to the right location, they can execute arbitrary code within the container. To be affected, ALL of the following must be true: Self-hosted deployment (GrowthBook Cloud is unaffected); using local file uploads (as opposed to S3 or Google Cloud Storage); NODE_ENV set to a non-production value and JWT_SECRET set to an easily guessable string like `dev`. This issue is patched in commit 1a5edff8786d141161bf880c2fd9ccbe2850a264 (2022-08-29). As a workaround, set `JWT_SECRET` environment variable to a long random string. This will stop arbitrary file uploads, but the only way to stop attackers from registering accounts is by updating to the latest build."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-24",
"description": "CWE-24: Path Traversal: \u0027../filedir\u0027",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-06T21:05:10.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/growthbook/growthbook/security/advisories/GHSA-j24q-55xh-wm4r"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/growthbook/growthbook/pull/487"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/growthbook/growthbook/commit/1a5edff8786d141161bf880c2fd9ccbe2850a264"
}
],
"source": {
"advisory": "GHSA-j24q-55xh-wm4r",
"discovery": "UNKNOWN"
},
"title": "GrowthBook account creation and file upload vulnerability in self-hosted configurations",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-36065",
"STATE": "PUBLIC",
"TITLE": "GrowthBook account creation and file upload vulnerability in self-hosted configurations"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "growthbook",
"version": {
"version_data": [
{
"version_value": "\u003c 2022-08-29"
}
]
}
}
]
},
"vendor_name": "growthbook"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GrowthBook is an open-source platform for feature flagging and A/B testing. With some self-hosted configurations in versions prior to 2022-08-29, attackers can register new accounts and upload files to arbitrary directories within the container. If the attacker uploads a Python script to the right location, they can execute arbitrary code within the container. To be affected, ALL of the following must be true: Self-hosted deployment (GrowthBook Cloud is unaffected); using local file uploads (as opposed to S3 or Google Cloud Storage); NODE_ENV set to a non-production value and JWT_SECRET set to an easily guessable string like `dev`. This issue is patched in commit 1a5edff8786d141161bf880c2fd9ccbe2850a264 (2022-08-29). As a workaround, set `JWT_SECRET` environment variable to a long random string. This will stop arbitrary file uploads, but the only way to stop attackers from registering accounts is by updating to the latest build."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-24: Path Traversal: \u0027../filedir\u0027"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/growthbook/growthbook/security/advisories/GHSA-j24q-55xh-wm4r",
"refsource": "CONFIRM",
"url": "https://github.com/growthbook/growthbook/security/advisories/GHSA-j24q-55xh-wm4r"
},
{
"name": "https://github.com/growthbook/growthbook/pull/487",
"refsource": "MISC",
"url": "https://github.com/growthbook/growthbook/pull/487"
},
{
"name": "https://github.com/growthbook/growthbook/commit/1a5edff8786d141161bf880c2fd9ccbe2850a264",
"refsource": "MISC",
"url": "https://github.com/growthbook/growthbook/commit/1a5edff8786d141161bf880c2fd9ccbe2850a264"
}
]
},
"source": {
"advisory": "GHSA-j24q-55xh-wm4r",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-36065",
"datePublished": "2022-09-06T21:05:10.000Z",
"dateReserved": "2022-07-15T00:00:00.000Z",
"dateUpdated": "2025-04-23T17:14:18.040Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1398 (GCVE-0-2023-1398)
Vulnerability from cvelistv5 – Published: 2023-03-14 14:43 – Updated: 2024-08-02 05:49
VLAI
Title
XiaoBingBy TeaCMS upload path traversal
Summary
A vulnerability classified as critical was found in XiaoBingBy TeaCMS 2.0. Affected by this vulnerability is an unknown functionality of the file /admin/upload. The manipulation leads to path traversal: '../filedir'. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-222985 was assigned to this vulnerability.
Severity
6.3 (Medium)
6.3 (Medium)
CWE
- CWE-24 - Path Traversal: '../filedir'
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.222985 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.222985 | signaturepermissions-required |
| https://gitee.com/xiaobingby/TeaCMS/issues/I6IIYV | exploitissue-tracking |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| XiaoBingBy | TeaCMS |
Affected:
2.0
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:49:10.353Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.222985"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.222985"
},
{
"tags": [
"exploit",
"issue-tracking",
"x_transferred"
],
"url": "https://gitee.com/xiaobingby/TeaCMS/issues/I6IIYV"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TeaCMS",
"vendor": "XiaoBingBy",
"versions": [
{
"status": "affected",
"version": "2.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "tool",
"value": "VulDB Gitee Analyzer"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in XiaoBingBy TeaCMS 2.0. Affected by this vulnerability is an unknown functionality of the file /admin/upload. The manipulation leads to path traversal: \u0027../filedir\u0027. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-222985 was assigned to this vulnerability."
},
{
"lang": "de",
"value": "In XiaoBingBy TeaCMS 2.0 wurde eine kritische Schwachstelle entdeckt. Es geht um eine nicht n\u00e4her bekannte Funktion der Datei /admin/upload. Durch Manipulation mit unbekannten Daten kann eine path traversal: \u0027../filedir\u0027-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-24",
"description": "CWE-24 Path Traversal: \u0027../filedir\u0027",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-21T08:37:54.214Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.222985"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.222985"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://gitee.com/xiaobingby/TeaCMS/issues/I6IIYV"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-03-14T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2023-03-14T00:00:00.000Z",
"value": "CVE reserved"
},
{
"lang": "en",
"time": "2023-03-14T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2023-04-07T09:46:27.000Z",
"value": "VulDB entry last update"
}
],
"title": "XiaoBingBy TeaCMS upload path traversal"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2023-1398",
"datePublished": "2023-03-14T14:43:03.088Z",
"dateReserved": "2023-03-14T14:42:26.006Z",
"dateUpdated": "2024-08-02T05:49:10.353Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1800 (GCVE-0-2023-1800)
Vulnerability from cvelistv5 – Published: 2023-04-02 10:31 – Updated: 2024-11-22 21:40
VLAI
Title
sjqzhang go-fastdfs File Upload uploa upload path traversal
Summary
A vulnerability, which was classified as critical, has been found in sjqzhang go-fastdfs up to 1.4.3. Affected by this issue is the function upload of the file /group1/uploa of the component File Upload Handler. The manipulation leads to path traversal: '../filedir'. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224768.
Severity
7.3 (High)
7.3 (High)
CWE
- CWE-24 - Path Traversal: '../filedir'
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.224768 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.224768 | signaturepermissions-required |
| https://github.com/yangyanglo/ForCVE/blob/main/20… | broken-linkexploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| sjqzhang | go-fastdfs |
Affected:
1.4.0
Affected: 1.4.1 Affected: 1.4.2 Affected: 1.4.3 |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:05:25.512Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.224768"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.224768"
},
{
"tags": [
"broken-link",
"exploit",
"x_transferred"
],
"url": "https://github.com/yangyanglo/ForCVE/blob/main/2023-0x05.md"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1800",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-22T21:40:11.452487Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-22T21:40:19.685Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"File Upload Handler"
],
"product": "go-fastdfs",
"vendor": "sjqzhang",
"versions": [
{
"status": "affected",
"version": "1.4.0"
},
{
"status": "affected",
"version": "1.4.1"
},
{
"status": "affected",
"version": "1.4.2"
},
{
"status": "affected",
"version": "1.4.3"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "yangyanglo (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in sjqzhang go-fastdfs up to 1.4.3. Affected by this issue is the function upload of the file /group1/uploa of the component File Upload Handler. The manipulation leads to path traversal: \u0027../filedir\u0027. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224768."
},
{
"lang": "de",
"value": "Eine kritische Schwachstelle wurde in sjqzhang go-fastdfs bis 1.4.3 entdeckt. Betroffen davon ist die Funktion upload der Datei /group1/uploa der Komponente File Upload Handler. Mittels dem Manipulieren mit unbekannten Daten kann eine path traversal: \u0027../filedir\u0027-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-24",
"description": "CWE-24 Path Traversal: \u0027../filedir\u0027",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-13T07:49:43.490Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.224768"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.224768"
},
{
"tags": [
"broken-link",
"exploit"
],
"url": "https://github.com/yangyanglo/ForCVE/blob/main/2023-0x05.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-04-02T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2023-04-02T00:00:00.000Z",
"value": "CVE reserved"
},
{
"lang": "en",
"time": "2023-04-02T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2023-04-21T14:27:16.000Z",
"value": "VulDB entry last update"
}
],
"title": "sjqzhang go-fastdfs File Upload uploa upload path traversal"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2023-1800",
"datePublished": "2023-04-02T10:31:03.341Z",
"dateReserved": "2023-04-02T07:49:53.961Z",
"dateUpdated": "2024-11-22T21:40:19.685Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20098 (GCVE-0-2023-20098)
Vulnerability from cvelistv5 – Published: 2023-05-09 13:12 – Updated: 2024-08-02 08:57
VLAI
Summary
A vulnerability in the CLI of Cisco SDWAN vManage Software could allow an authenticated, local attacker to delete arbitrary files.
This vulnerability is due to improper filtering of directory traversal character sequences within system commands. An attacker with administrative privileges could exploit this vulnerability by running a system command containing directory traversal character sequences to target an arbitrary file. A successful exploit could allow the attacker to delete arbitrary files from the system, including files owned by root.
Severity
4.4 (Medium)
CWE
- CWE-24 - Path Traversal
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Cisco | Cisco SD-WAN vManage |
Affected:
20.9.1
Affected: 20.9.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:57:35.560Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-sa-sdwan-vmanage-wfnqmYhN",
"tags": [
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-vmanage-wfnqmYhN"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cisco SD-WAN vManage",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "20.9.1"
},
{
"status": "affected",
"version": "20.9.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the CLI of Cisco SDWAN vManage Software could allow an authenticated, local attacker to delete arbitrary files.\r\n\r This vulnerability is due to improper filtering of directory traversal character sequences within system commands. An attacker with administrative privileges could exploit this vulnerability by running a system command containing directory traversal character sequences to target an arbitrary file. A successful exploit could allow the attacker to delete arbitrary files from the system, including files owned by root."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-24",
"description": "Path Traversal",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-25T16:57:43.789Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-sdwan-vmanage-wfnqmYhN",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-vmanage-wfnqmYhN"
}
],
"source": {
"advisory": "cisco-sa-sdwan-vmanage-wfnqmYhN",
"defects": [
"CSCwd42486"
],
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2023-20098",
"datePublished": "2023-05-09T13:12:22.765Z",
"dateReserved": "2022-10-27T18:47:50.338Z",
"dateUpdated": "2024-08-02T08:57:35.560Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20166 (GCVE-0-2023-20166)
Vulnerability from cvelistv5 – Published: 2023-05-18 00:00 – Updated: 2024-10-28 16:29
VLAI
Title
Cisco Identity Services Engine Path Traversal Vulnerabilities
Summary
Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated attacker to perform path traversal attacks on the underlying operating system to either elevate privileges to root or read arbitrary files. To exploit these vulnerabilities, an attacker must have valid Administrator credentials on the affected device. For more information about these vulnerabilities, see the Details section of this advisory.
Severity
6 (Medium)
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://sec.cloudapps.cisco.com/security/center/c… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Cisco | Cisco Identity Services Engine Software |
Affected:
n/a
|
Date Public
2023-05-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:05:35.024Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20230517 Cisco Identity Services Engine Path Traversal Vulnerabilities",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-traversal-ZTUgMYhu"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-20166",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-28T16:18:56.541796Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-28T16:29:32.173Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Identity Services Engine Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2023-05-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated attacker to perform path traversal attacks on the underlying operating system to either elevate privileges to root or read arbitrary files. To exploit these vulnerabilities, an attacker must have valid Administrator credentials on the affected device. For more information about these vulnerabilities, see the Details section of this advisory."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-24",
"description": "CWE-24",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-18T00:00:00.000Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20230517 Cisco Identity Services Engine Path Traversal Vulnerabilities",
"tags": [
"vendor-advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-traversal-ZTUgMYhu"
}
],
"source": {
"advisory": "cisco-sa-ise-traversal-ZTUgMYhu",
"defect": [
[
"CSCwd07350",
"CSCwe17953"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco Identity Services Engine Path Traversal Vulnerabilities"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2023-20166",
"datePublished": "2023-05-18T00:00:00.000Z",
"dateReserved": "2022-10-27T00:00:00.000Z",
"dateUpdated": "2024-10-28T16:29:32.173Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation ID: MIT-5.1
Phase: Implementation
Strategy: Input Validation
Description:
- Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
- When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
- Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
- When validating filenames, use stringent allowlists that limit the character set to be used. If feasible, only allow a single "." character in the filename to avoid weaknesses such as CWE-23, and exclude directory separators such as "/" to avoid CWE-36. Use a list of allowable file extensions, which will help to avoid CWE-434.
- Do not rely exclusively on a filtering mechanism that removes potentially dangerous characters. This is equivalent to a denylist, which may be incomplete (CWE-184). For example, filtering "/" is insufficient protection if the filesystem also supports the use of "\" as a directory separator. Another possible error could occur when the filtering is applied in a way that still produces dangerous data (CWE-182). For example, if "../" sequences are removed from the ".../...//" string in a sequential fashion, two instances of "../" would be removed from the original string, but the remaining characters would still form the "../" string.
Mitigation ID: MIT-20
Phase: Implementation
Strategy: Input Validation
Description:
- Inputs should be decoded and canonicalized to the application's current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked.
No CAPEC attack patterns related to this CWE.