cvelistv5 - cve-2023-29159

cve-2023-29159

Vulnerability from cvelistv5

Published

2023-06-01 00:00

Modified

2024-08-02 14:00

Severity

Summary

Directory traversal vulnerability in Starlette versions 0.13.5 and later and prior to 0.27.0 allows a remote unauthenticated attacker to view files in a web service which was built using Starlette.

References

Source	URL	Tags
vultures@jpcert.or.jp	https://github.com/encode/starlette/releases/tag/0.27.0	Release Notes
vultures@jpcert.or.jp	https://github.com/encode/starlette/security/advisories/GHSA-v5gw-mw7f-84px	Exploit, Vendor Advisory
vultures@jpcert.or.jp	https://jvn.jp/en/jp/JVN95981715/	Third Party Advisory

Impacted products

Vendor	Product
Encode	Starlette

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T14:00:14.995Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/encode/starlette/security/advisories/GHSA-v5gw-mw7f-84px"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/encode/starlette/releases/tag/0.27.0"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN95981715/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Starlette",
          "vendor": "Encode",
          "versions": [
            {
              "status": "affected",
              "version": "versions 0.13.5 and later and prior to 0.27.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Directory traversal vulnerability in Starlette versions 0.13.5 and later and prior to 0.27.0 allows a remote unauthenticated attacker to view files in a web service which was built using Starlette."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Directory traversal",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-06-01T00:00:00",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "url": "https://github.com/encode/starlette/security/advisories/GHSA-v5gw-mw7f-84px"
        },
        {
          "url": "https://github.com/encode/starlette/releases/tag/0.27.0"
        },
        {
          "url": "https://jvn.jp/en/jp/JVN95981715/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2023-29159",
    "datePublished": "2023-06-01T00:00:00",
    "dateReserved": "2023-05-11T00:00:00",
    "dateUpdated": "2024-08-02T14:00:14.995Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-29159\",\"sourceIdentifier\":\"vultures@jpcert.or.jp\",\"published\":\"2023-06-01T02:15:09.803\",\"lastModified\":\"2023-06-08T01:59:38.140\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"Directory traversal vulnerability in Starlette versions 0.13.5 and later and prior to 0.27.0 allows a remote unauthenticated attacker to view files in a web service which was built using Starlette.\"},{\"lang\":\"es\",\"value\":\"La vulnerabilidad de salto de directorios en Starlette v0.13.5 y posteriores y anteriores a 0.27.0 permite a un atacante remoto no autenticado ver archivos en un servicio web que fue creado usando Starlette. \"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:encode:starlette:*:*:*:*:*:python:*:*\",\"versionStartIncluding\":\"0.13.5\",\"versionEndExcluding\":\"0.27.0\",\"matchCriteriaId\":\"4AD6432E-5F9B-4A84-A978-5AD14E90C5E9\"}]}]}],\"references\":[{\"url\":\"https://github.com/encode/starlette/releases/tag/0.27.0\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/encode/starlette/security/advisories/GHSA-v5gw-mw7f-84px\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"https://jvn.jp/en/jp/JVN95981715/\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}

wid-sec-w-2024-0423

Vulnerability from csaf_certbund

Published

2024-02-19 23:00

Modified

2024-02-19 23:00

Summary

IBM Business Automation Workflow: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

IBM Business Automation Workflow ist eine Lösung zur Automatisierung von Arbeitsabläufen.

Angriff

Ein entfernter Angreifer kann mehrere Schwachstellen in IBM Business Automation Workflow ausnutzen, um einen Denial of Service Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder Informationen offenzulegen.

Betroffene Betriebssysteme

- UNIX - Linux - Windows

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "IBM Business Automation Workflow ist eine L\u00f6sung zur Automatisierung von Arbeitsabl\u00e4ufen.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter Angreifer kann mehrere Schwachstellen in IBM Business Automation Workflow ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder Informationen offenzulegen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- UNIX\n- Linux\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-0423 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0423.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-0423 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0423"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin vom 2024-02-19",
        "url": "https://www.ibm.com/support/pages/node/7120748"
      }
    ],
    "source_lang": "en-US",
    "title": "IBM Business Automation Workflow: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2024-02-19T23:00:00.000+00:00",
      "generator": {
        "date": "2024-02-20T09:35:57.358+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.0"
        }
      },
      "id": "WID-SEC-W-2024-0423",
      "initial_release_date": "2024-02-19T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-02-19T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "V23.0.2",
                "product": {
                  "name": "IBM Business Automation Workflow V23.0.2",
                  "product_id": "T032911",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:business_automation_workflow:v23.0.2"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Business Automation Workflow"
          }
        ],
        "category": "vendor",
        "name": "IBM"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-44271",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Business Automation Workflow existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten von Drittanbietern. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen oder Sicherheitsvorkehrungen zu umgehen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T032911"
        ]
      },
      "release_date": "2024-02-19T23:00:00Z",
      "title": "CVE-2023-44271"
    },
    {
      "cve": "CVE-2023-43804",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Business Automation Workflow existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten von Drittanbietern. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen oder Sicherheitsvorkehrungen zu umgehen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T032911"
        ]
      },
      "release_date": "2024-02-19T23:00:00Z",
      "title": "CVE-2023-43804"
    },
    {
      "cve": "CVE-2023-29824",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Business Automation Workflow existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten von Drittanbietern. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen oder Sicherheitsvorkehrungen zu umgehen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T032911"
        ]
      },
      "release_date": "2024-02-19T23:00:00Z",
      "title": "CVE-2023-29824"
    },
    {
      "cve": "CVE-2023-29159",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Business Automation Workflow existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten von Drittanbietern. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen oder Sicherheitsvorkehrungen zu umgehen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T032911"
        ]
      },
      "release_date": "2024-02-19T23:00:00Z",
      "title": "CVE-2023-29159"
    },
    {
      "cve": "CVE-2023-27043",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Business Automation Workflow existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten von Drittanbietern. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen oder Sicherheitsvorkehrungen zu umgehen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T032911"
        ]
      },
      "release_date": "2024-02-19T23:00:00Z",
      "title": "CVE-2023-27043"
    },
    {
      "cve": "CVE-2023-25399",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Business Automation Workflow existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten von Drittanbietern. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen oder Sicherheitsvorkehrungen zu umgehen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T032911"
        ]
      },
      "release_date": "2024-02-19T23:00:00Z",
      "title": "CVE-2023-25399"
    }
  ]
}

ghsa-v5gw-mw7f-84px

Vulnerability from github

Published

2023-05-17 03:49

Modified

2023-06-12 16:47

Severity

3.7 (Low) - CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Summary

Starlette has Path Traversal vulnerability in StaticFiles

Details

Summary

When using StaticFiles, if there's a file or directory that starts with the same name as the StaticFiles directory, that file or directory is also exposed via StaticFiles which is a path traversal vulnerability.

Details

The root cause of this issue is the usage of os.path.commonprefix(): https://github.com/encode/starlette/blob/4bab981d9e870f6cee1bd4cd59b87ddaf355b2dc/starlette/staticfiles.py#L172-L174

As stated in the Python documentation (https://docs.python.org/3/library/os.path.html#os.path.commonprefix) this function returns the longest prefix common to paths.

When passing a path like /static/../static1.txt, os.path.commonprefix([full_path, directory]) returns ./static which is the common part of ./static1.txt and ./static, It refers to /static/../static1.txt because it is considered in the staticfiles directory. As a result, it becomes possible to view files that should not be open to the public.

The solution is to use os.path.commonpath as the Python documentation explains that os.path.commonprefix works a character at a time, it does not treat the arguments as paths.

PoC

In order to reproduce the issue, you need to create the following structure:

├── static │ ├── index.html ├── static_disallow │ ├── index.html └── static1.txt

And run the Starlette app with:

```py import uvicorn from starlette.applications import Starlette from starlette.routing import Mount from starlette.staticfiles import StaticFiles

routes = [ Mount("/static", app=StaticFiles(directory="static", html=True), name="static"), ]

app = Starlette(routes=routes)

if name == "main": uvicorn.run(app, host="0.0.0.0", port=8000) ```

And running the commands:

shell curl --path-as-is 'localhost:8000/static/../static_disallow/' curl --path-as-is 'localhost:8000/static/../static1.txt' The static1.txt and the directory static_disallow are exposed.

Impact

Confidentiality is breached: An attacker may obtain files that should not be open to the public.

Credits

Security researcher Masashi Yamane of LAC Co., Ltd reported this vulnerability to JPCERT/CC Vulnerability Coordination Group and they contacted us to coordinate a patch for the security issue.

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "ecosystem_specific": {
        "affected_functions": [
          "starlette.staticfiles.StaticFiles.lookup_path"
        ]
      },
      "package": {
        "ecosystem": "PyPI",
        "name": "starlette"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.13.5"
            },
            {
              "fixed": "0.27.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-29159"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-05-17T03:49:14Z",
    "nvd_published_at": null,
    "severity": "LOW"
  },
  "details": "### Summary\nWhen using `StaticFiles`, if there\u0027s a file or directory that starts with the same name as the `StaticFiles` directory, that file or directory is also exposed via `StaticFiles` which is a path traversal vulnerability.\n\n### Details\nThe root cause of this issue is the usage of `os.path.commonprefix()`:\nhttps://github.com/encode/starlette/blob/4bab981d9e870f6cee1bd4cd59b87ddaf355b2dc/starlette/staticfiles.py#L172-L174\n\nAs stated in the Python documentation (https://docs.python.org/3/library/os.path.html#os.path.commonprefix) this function returns the longest prefix common to paths.\n\nWhen passing a path like `/static/../static1.txt`, `os.path.commonprefix([full_path, directory])` returns `./static` which is the common part of `./static1.txt` and `./static`, It refers to `/static/../static1.txt` because it is considered in the staticfiles directory. As a result, it becomes possible to view files that should not be open to the public.\n\nThe solution is to use `os.path.commonpath` as the Python documentation explains that `os.path.commonprefix` works a character at a time, it does not treat the arguments as paths.\n\n### PoC\nIn order to reproduce the issue, you need to create the following structure:\n\n```\n\u251c\u2500\u2500 static\n\u2502   \u251c\u2500\u2500 index.html\n\u251c\u2500\u2500 static_disallow\n\u2502   \u251c\u2500\u2500 index.html\n\u2514\u2500\u2500 static1.txt\n```\n\nAnd run the `Starlette` app with:\n\n```py\nimport uvicorn\nfrom starlette.applications import Starlette\nfrom starlette.routing import Mount\nfrom starlette.staticfiles import StaticFiles\n\n\nroutes = [\n    Mount(\"/static\", app=StaticFiles(directory=\"static\", html=True), name=\"static\"),\n]\n\napp = Starlette(routes=routes)\n\n\nif __name__ == \"__main__\":\n    uvicorn.run(app, host=\"0.0.0.0\", port=8000)\n```\n\nAnd running the commands:\n\n```shell\ncurl --path-as-is \u0027localhost:8000/static/../static_disallow/\u0027\ncurl --path-as-is \u0027localhost:8000/static/../static1.txt\u0027\n```\nThe `static1.txt` and the directory `static_disallow` are exposed.\n\n### Impact\nConfidentiality is breached: An attacker may obtain files that should not be open to the public.\n\n### Credits\nSecurity researcher **Masashi Yamane of LAC Co., Ltd** reported this vulnerability to **JPCERT/CC Vulnerability Coordination Group** and they contacted us to coordinate a patch for the security issue.\n",
  "id": "GHSA-v5gw-mw7f-84px",
  "modified": "2023-06-12T16:47:36Z",
  "published": "2023-05-17T03:49:14Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/encode/starlette/security/advisories/GHSA-v5gw-mw7f-84px"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29159"
    },
    {
      "type": "WEB",
      "url": "https://github.com/encode/starlette/commit/1797de464124b090f10cf570441e8292936d63e3"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/encode/starlette"
    },
    {
      "type": "WEB",
      "url": "https://github.com/encode/starlette/blob/4bab981d9e870f6cee1bd4cd59b87ddaf355b2dc/starlette/staticfiles.py#L172-L174"
    },
    {
      "type": "WEB",
      "url": "https://github.com/encode/starlette/releases/tag/0.27.0"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/starlette/PYSEC-2023-83.yaml"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/en/jp/JVN95981715"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Starlette has Path Traversal vulnerability in StaticFiles"
}

pysec-2023-83

Vulnerability from pysec

Published

2023-06-01 02:15

Modified

2023-06-08 05:25

Details

Directory traversal vulnerability in Starlette versions 0.13.5 and later and prior to 0.27.0 allows a remote unauthenticated attacker to view files in a web service which was built using Starlette.

Aliases

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "starlette",
        "purl": "pkg:pypi/starlette"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.13.5"
            },
            {
              "fixed": "0.27.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "0.13.5",
        "0.13.6",
        "0.13.7",
        "0.13.8",
        "0.14.0",
        "0.14.1",
        "0.14.2",
        "0.15.0",
        "0.16.0",
        "0.17.0",
        "0.17.1",
        "0.18.0",
        "0.19.0",
        "0.19.1",
        "0.20.0",
        "0.20.1",
        "0.20.2",
        "0.20.3",
        "0.20.4",
        "0.21.0",
        "0.22.0",
        "0.23.0",
        "0.23.1",
        "0.24.0",
        "0.25.0",
        "0.26.0",
        "0.26.0.post1",
        "0.26.1"
      ]
    }
  ],
  "aliases": [
    "CVE-2023-29159",
    "GHSA-v5gw-mw7f-84px"
  ],
  "details": "Directory traversal vulnerability in Starlette versions 0.13.5 and later and prior to 0.27.0 allows a remote unauthenticated attacker to view files in a web service which was built using Starlette.",
  "id": "PYSEC-2023-83",
  "modified": "2023-06-08T05:25:54.818459Z",
  "published": "2023-06-01T02:15:00Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/encode/starlette/releases/tag/0.27.0"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/en/jp/JVN95981715/"
    },
    {
      "type": "EVIDENCE",
      "url": "https://github.com/encode/starlette/security/advisories/GHSA-v5gw-mw7f-84px"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/encode/starlette/security/advisories/GHSA-v5gw-mw7f-84px"
    }
  ]
}

gsd-2023-29159

Vulnerability from gsd

Modified

2023-12-13 01:20

Details

Directory traversal vulnerability in Starlette versions 0.13.5 and later and prior to 0.27.0 allows a remote unauthenticated attacker to view files in a web service which was built using Starlette.

Aliases

CVE-2023-29159

Aliases

CVE-2023-29159

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-29159",
    "id": "GSD-2023-29159"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-29159"
      ],
      "details": "Directory traversal vulnerability in Starlette versions 0.13.5 and later and prior to 0.27.0 allows a remote unauthenticated attacker to view files in a web service which was built using Starlette.",
      "id": "GSD-2023-29159",
      "modified": "2023-12-13T01:20:56.742340Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "vultures@jpcert.or.jp",
        "ID": "CVE-2023-29159",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Starlette",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "versions 0.13.5 and later and prior to 0.27.0"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Encode"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Directory traversal vulnerability in Starlette versions 0.13.5 and later and prior to 0.27.0 allows a remote unauthenticated attacker to view files in a web service which was built using Starlette."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Directory traversal"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/encode/starlette/security/advisories/GHSA-v5gw-mw7f-84px",
            "refsource": "MISC",
            "url": "https://github.com/encode/starlette/security/advisories/GHSA-v5gw-mw7f-84px"
          },
          {
            "name": "https://github.com/encode/starlette/releases/tag/0.27.0",
            "refsource": "MISC",
            "url": "https://github.com/encode/starlette/releases/tag/0.27.0"
          },
          {
            "name": "https://jvn.jp/en/jp/JVN95981715/",
            "refsource": "MISC",
            "url": "https://jvn.jp/en/jp/JVN95981715/"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:encode:starlette:*:*:*:*:*:python:*:*",
                "cpe_name": [],
                "versionEndExcluding": "0.27.0",
                "versionStartIncluding": "0.13.5",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2023-29159"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Directory traversal vulnerability in Starlette versions 0.13.5 and later and prior to 0.27.0 allows a remote unauthenticated attacker to view files in a web service which was built using Starlette."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-22"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/encode/starlette/releases/tag/0.27.0",
              "refsource": "MISC",
              "tags": [
                "Release Notes"
              ],
              "url": "https://github.com/encode/starlette/releases/tag/0.27.0"
            },
            {
              "name": "https://jvn.jp/en/jp/JVN95981715/",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://jvn.jp/en/jp/JVN95981715/"
            },
            {
              "name": "https://github.com/encode/starlette/security/advisories/GHSA-v5gw-mw7f-84px",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Vendor Advisory"
              ],
              "url": "https://github.com/encode/starlette/security/advisories/GHSA-v5gw-mw7f-84px"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2023-06-08T01:59Z",
      "publishedDate": "2023-06-01T02:15Z"
    }
  }
}

cve-2023-29159

Vulnerability from jvndb

Published

2023-05-30 13:34

Modified

2024-03-19 18:08

Severity

3.7 (Low) - cvssV3_0 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Summary

Starlette vulnerable to directory traversal

Details

Starlette provided by Encode contains a directory traversal vulnerability (CWE-22). Masashi Yamane of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

References

Type	URL
JVN	http://jvn.jp/en/jp/JVN95981715/index.html
CVE	https://www.cve.org/CVERecord?id=CVE-2023-29159
NVD	https://nvd.nist.gov/vuln/detail/CVE-2023-29159
Path Traversal(CWE-22)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

Vendor	Product
Encode	Starlette

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000056.html",
  "dc:date": "2024-03-19T18:08+09:00",
  "dcterms:issued": "2023-05-30T13:34+09:00",
  "dcterms:modified": "2024-03-19T18:08+09:00",
  "description": "Starlette provided by Encode contains a directory traversal vulnerability (CWE-22).\r\n\r\nMasashi Yamane of LAC Co., Ltd. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000056.html",
  "sec:cpe": {
    "#text": "cpe:/a:encode:starlette",
    "@product": "Starlette",
    "@vendor": "Encode",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "4.3",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
      "@version": "2.0"
    },
    {
      "@score": "3.7",
      "@severity": "Low",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2023-000056",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN95981715/index.html",
      "@id": "JVN#95981715",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2023-29159",
      "@id": "CVE-2023-29159",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-29159",
      "@id": "CVE-2023-29159",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-22",
      "@title": "Path Traversal(CWE-22)"
    }
  ],
  "title": "Starlette vulnerable to directory traversal"
}

Action not permitted

cve-2023-29159

Vulnerability from cvelistv5

wid-sec-w-2024-0423

Vulnerability from csaf_certbund

ghsa-v5gw-mw7f-84px

Vulnerability from github

Summary

Details

PoC

Impact

Credits

pysec-2023-83

Vulnerability from pysec

gsd-2023-29159

Vulnerability from gsd

cve-2023-29159

Vulnerability from jvndb

Tags