CWE-24

Path Traversal: '../filedir'

The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize "../" sequences that can resolve to a location that is outside of that directory.

CVE-2014-125033 (GCVE-0-2014-125033)
Vulnerability from cvelistv5
Published
2023-01-02 07:51
Modified
2024-08-06 14:10
CWE
  • CWE-24 - Path Traversal: '../filedir'
Summary
A vulnerability was found in rails-cv-app. It has been rated as problematic. Affected by this issue is some unknown functionality of the file app/controllers/uploaded_files_controller.rb. The manipulation with the input ../../../etc/passwd leads to path traversal: '../filedir'. The exploit has been disclosed to the public and may be used. The patch is identified as 0d20362af0a5f8a126f67c77833868908484a863. It is recommended to apply a patch to fix this issue. VDB-217178 is the identifier assigned to this vulnerability.
Impacted products
Vendor Product Version
n/a rails-cv-app Version: n/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T14:10:56.589Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "technical-description",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?id.217178"
          },
          {
            "tags": [
              "signature",
              "permissions-required",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?ctiid.217178"
          },
          {
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.com/bertrand-caron/rails-cv-app/commit/0d20362af0a5f8a126f67c77833868908484a863"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "rails-cv-app",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "tool",
          "value": "VulDB GitHub Commit Analyzer"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in rails-cv-app. It has been rated as problematic. Affected by this issue is some unknown functionality of the file app/controllers/uploaded_files_controller.rb. The manipulation with the input ../../../etc/passwd leads to path traversal: \u0027../filedir\u0027. The exploit has been disclosed to the public and may be used. The patch is identified as 0d20362af0a5f8a126f67c77833868908484a863. It is recommended to apply a patch to fix this issue. VDB-217178 is the identifier assigned to this vulnerability."
        },
        {
          "lang": "de",
          "value": "Eine problematische Schwachstelle wurde in rails-cv-app ausgemacht. Betroffen davon ist ein unbekannter Prozess der Datei app/controllers/uploaded_files_controller.rb. Mittels dem Manipulieren mit der Eingabe ../../../etc/passwd mit unbekannten Daten kann eine path traversal: \u0027../filedir\u0027-Schwachstelle ausgenutzt werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Der Patch wird als 0d20362af0a5f8a126f67c77833868908484a863 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 3.5,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 3.5,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 2.7,
            "vectorString": "AV:A/AC:L/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-24",
              "description": "CWE-24 Path Traversal: \u0027../filedir\u0027",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-20T05:57:08.811Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.217178"
        },
        {
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.217178"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/bertrand-caron/rails-cv-app/commit/0d20362af0a5f8a126f67c77833868908484a863"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2023-01-02T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2023-01-02T00:00:00.000Z",
          "value": "CVE reserved"
        },
        {
          "lang": "en",
          "time": "2023-01-02T01:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2023-01-26T20:19:57.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "rails-cv-app uploaded_files_controller.rb path traversal"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2014-125033",
    "datePublished": "2023-01-02T07:51:16.499Z",
    "dateReserved": "2023-01-02T07:48:48.917Z",
    "dateUpdated": "2024-08-06T14:10:56.589Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-25094 (GCVE-0-2018-25094)
Vulnerability from cvelistv5
Published
2023-12-03 10:31
Modified
2024-08-05 12:33
CWE
  • CWE-24 - Path Traversal: '../filedir'
Summary
A vulnerability was found in ระบบบัญชีออนไลน์ Online Accounting System up to 1.4.0 and classified as problematic. This issue affects some unknown processing of the file ckeditor/filemanager/browser/default/image.php. The manipulation of the argument fid with the input ../../../etc/passwd leads to path traversal: '../filedir'. The exploit has been disclosed to the public and may be used. Upgrading to version 2.0.0 is able to address this issue. The identifier of the patch is 9d9618422b980335bb30be612ea90f4f56cb992c. It is recommended to upgrade the affected component. The identifier VDB-246641 was assigned to this vulnerability.
References
Impacted products
Vendor Product Version
ระบบบัญชีออนไลน์ Online Accounting System Version: 1.0
Version: 1.1
Version: 1.2
Version: 1.3
Version: 1.4
Create a notification for this product.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T12:33:49.018Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "technical-description",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?id.246641"
          },
          {
            "tags": [
              "signature",
              "permissions-required",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?ctiid.246641"
          },
          {
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.com/59160781/project/commit/9d9618422b980335bb30be612ea90f4f56cb992c"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Online Accounting System",
          "vendor": "\u0e23\u0e30\u0e1a\u0e1a\u0e1a\u0e31\u0e0d\u0e0a\u0e35\u0e2d\u0e2d\u0e19\u0e44\u0e25\u0e19\u0e4c",
          "versions": [
            {
              "status": "affected",
              "version": "1.0"
            },
            {
              "status": "affected",
              "version": "1.1"
            },
            {
              "status": "affected",
              "version": "1.2"
            },
            {
              "status": "affected",
              "version": "1.3"
            },
            {
              "status": "affected",
              "version": "1.4"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "tool",
          "value": "VulDB GitHub Commit Analyzer"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in \u0e23\u0e30\u0e1a\u0e1a\u0e1a\u0e31\u0e0d\u0e0a\u0e35\u0e2d\u0e2d\u0e19\u0e44\u0e25\u0e19\u0e4c Online Accounting System up to 1.4.0 and classified as problematic. This issue affects some unknown processing of the file ckeditor/filemanager/browser/default/image.php. The manipulation of the argument fid with the input ../../../etc/passwd leads to path traversal: \u0027../filedir\u0027. The exploit has been disclosed to the public and may be used. Upgrading to version 2.0.0 is able to address this issue. The identifier of the patch is 9d9618422b980335bb30be612ea90f4f56cb992c. It is recommended to upgrade the affected component. The identifier VDB-246641 was assigned to this vulnerability."
        },
        {
          "lang": "de",
          "value": "Eine problematische Schwachstelle wurde in \u0e23\u0e30\u0e1a\u0e1a\u0e1a\u0e31\u0e0d\u0e0a\u0e35\u0e2d\u0e2d\u0e19\u0e44\u0e25\u0e19\u0e4c Online Accounting System bis 1.4.0 gefunden. Es geht hierbei um eine nicht n\u00e4her spezifizierte Funktion der Datei ckeditor/filemanager/browser/default/image.php. Durch Beeinflussen des Arguments fid mit der Eingabe ../../../etc/passwd mit unbekannten Daten kann eine path traversal: \u0027../filedir\u0027-Schwachstelle ausgenutzt werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Ein Aktualisieren auf die Version 2.0.0 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 9d9618422b980335bb30be612ea90f4f56cb992c bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 3.5,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 3.5,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 2.7,
            "vectorString": "AV:A/AC:L/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-24",
              "description": "CWE-24 Path Traversal: \u0027../filedir\u0027",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-03T10:31:03.118Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.246641"
        },
        {
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.246641"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/59160781/project/commit/9d9618422b980335bb30be612ea90f4f56cb992c"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2018-03-18T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2018-03-18T00:00:00.000Z",
          "value": "Countermeasure disclosed"
        },
        {
          "lang": "en",
          "time": "2023-12-02T01:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2023-12-02T08:47:13.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "\u0e23\u0e30\u0e1a\u0e1a\u0e1a\u0e31\u0e0d\u0e0a\u0e35\u0e2d\u0e2d\u0e19\u0e44\u0e25\u0e19\u0e4c Online Accounting System image.php path traversal"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2018-25094",
    "datePublished": "2023-12-03T10:31:03.118Z",
    "dateReserved": "2023-12-02T07:41:58.211Z",
    "dateUpdated": "2024-08-05T12:33:49.018Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-25087 (GCVE-0-2019-25087)
Vulnerability from cvelistv5
Published
2022-12-27 08:42
Modified
2024-11-19 19:47
CWE
  • CWE-24 - Path Traversal: '../filedir'
Summary
A vulnerability was found in RamseyK httpserver. It has been rated as critical. This issue affects the function ResourceHost::getResource of the file src/ResourceHost.cpp of the component URI Handler. The manipulation of the argument uri leads to path traversal: '../filedir'. The attack may be initiated remotely. The name of the patch is 1a0de56e4dafff9c2f9c8f6b130a764f7a50df52. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216863.
References
Impacted products
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:00:19.215Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "technical-description",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?id.216863"
          },
          {
            "tags": [
              "signature",
              "permissions-required",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?ctiid.216863"
          },
          {
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.com/RamseyK/httpserver/commit/1a0de56e4dafff9c2f9c8f6b130a764f7a50df52"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2019-25087",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-19T19:47:46.694968Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-19T19:47:57.738Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "URI Handler"
          ],
          "product": "httpserver",
          "vendor": "RamseyK",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in RamseyK httpserver. It has been rated as critical. This issue affects the function ResourceHost::getResource of the file src/ResourceHost.cpp of the component URI Handler. The manipulation of the argument uri leads to path traversal: \u0027../filedir\u0027. The attack may be initiated remotely. The name of the patch is 1a0de56e4dafff9c2f9c8f6b130a764f7a50df52. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216863."
        },
        {
          "lang": "de",
          "value": "Eine Schwachstelle wurde in RamseyK httpserver ausgemacht. Sie wurde als kritisch eingestuft. Betroffen davon ist die Funktion ResourceHost::getResource der Datei src/ResourceHost.cpp der Komponente URI Handler. Durch das Beeinflussen des Arguments uri mit unbekannten Daten kann eine path traversal: \u0027../filedir\u0027-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Patch wird als 1a0de56e4dafff9c2f9c8f6b130a764f7a50df52 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-24",
              "description": "CWE-24 Path Traversal: \u0027../filedir\u0027",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-27T08:42:42.309Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.216863"
        },
        {
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.216863"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/RamseyK/httpserver/commit/1a0de56e4dafff9c2f9c8f6b130a764f7a50df52"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2022-12-27T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2022-12-27T01:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2022-12-27T09:47:39.000Z",
          "value": "VulDB last update"
        }
      ],
      "title": "RamseyK httpserver URI ResourceHost.cpp getResource path traversal"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2019-25087",
    "datePublished": "2022-12-27T08:42:42.309Z",
    "dateReserved": "2022-12-27T08:41:11.243Z",
    "dateUpdated": "2024-11-19T19:47:57.738Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-7882 (GCVE-0-2020-7882)
Vulnerability from cvelistv5
Published
2021-11-22 14:43
Modified
2024-08-04 09:48
CWE
  • CWE-24 - Path Traversal: '../filedir'
Summary
Using the parameter of getPFXFolderList function, attackers can see the information of authorization certification and delete the files. It occurs because the parameter contains path traversal characters(ie. '../../../')
Impacted products
Vendor Product Version
Hancomwith anySign4PC Version: 1.1.1.0
Version: 1.1.2.6
Version: 1.1.2.7
Create a notification for this product.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T09:48:23.706Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36344"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "Windows"
          ],
          "product": "anySign4PC",
          "vendor": "Hancomwith",
          "versions": [
            {
              "status": "affected",
              "version": "1.1.1.0"
            },
            {
              "status": "affected",
              "version": "1.1.2.6"
            },
            {
              "status": "affected",
              "version": "1.1.2.7"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Using the parameter of getPFXFolderList function, attackers can see the information of authorization certification and delete the files. It occurs because the parameter contains path traversal characters(ie. \u0027../../../\u0027)"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-24",
              "description": "CWE-24 Path Traversal: \u0027../filedir\u0027",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-11-22T14:43:26",
        "orgId": "cdd7a122-0fae-4202-8d86-14efbacc2863",
        "shortName": "krcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36344"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "anySign directory traversal vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vuln@krcert.or.kr",
          "ID": "CVE-2020-7882",
          "STATE": "PUBLIC",
          "TITLE": "anySign directory traversal vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "anySign4PC",
                      "version": {
                        "version_data": [
                          {
                            "platform": "Windows",
                            "version_affected": "=",
                            "version_name": "1.1.1.0",
                            "version_value": "1.1.1.0"
                          },
                          {
                            "platform": "Windows",
                            "version_affected": "=",
                            "version_name": "1.1.2.6",
                            "version_value": "1.1.2.6"
                          },
                          {
                            "platform": "Windows",
                            "version_affected": "=",
                            "version_name": "1.1.2.7",
                            "version_value": "1.1.2.7"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Hancomwith"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Using the parameter of getPFXFolderList function, attackers can see the information of authorization certification and delete the files. It occurs because the parameter contains path traversal characters(ie. \u0027../../../\u0027)"
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-24 Path Traversal: \u0027../filedir\u0027"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36344",
              "refsource": "MISC",
              "url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36344"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cdd7a122-0fae-4202-8d86-14efbacc2863",
    "assignerShortName": "krcert",
    "cveId": "CVE-2020-7882",
    "datePublished": "2021-11-22T14:43:26",
    "dateReserved": "2020-01-22T00:00:00",
    "dateUpdated": "2024-08-04T09:48:23.706Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-8567 (GCVE-0-2020-8567)
Vulnerability from cvelistv5
Published
2021-01-21 17:09
Modified
2024-09-16 18:23
CWE
  • CWE-24 - Path Traversal: '../filedir'
Summary
Kubernetes Secrets Store CSI Driver Vault Plugin prior to v0.0.6, Azure Plugin prior to v0.0.10, and GCP Plugin prior to v0.2.0 allow an attacker who can create specially-crafted SecretProviderClass objects to write to arbitrary file paths on the host filesystem, including /var/lib/kubelet/pods.
Impacted products
Vendor Product Version
Kubernetes Kubernetes Secrets Store CSI Driver Version: Vault Plugin   < v0.0.6
Version: Azure Plugin   < v0.0.10
Version: GCP Plugin   < v0.2.0
Create a notification for this product.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T10:03:46.223Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://groups.google.com/g/kubernetes-secrets-store-csi-driver/c/BI2qisiNXHY"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/kubernetes-sigs/secrets-store-csi-driver/issues/384"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Kubernetes Secrets Store CSI Driver",
          "vendor": "Kubernetes",
          "versions": [
            {
              "lessThan": "v0.0.6",
              "status": "affected",
              "version": "Vault Plugin",
              "versionType": "custom"
            },
            {
              "lessThan": "v0.0.10",
              "status": "affected",
              "version": "Azure Plugin",
              "versionType": "custom"
            },
            {
              "lessThan": "v0.2.0",
              "status": "affected",
              "version": "GCP Plugin",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Tommy Murphy of Google"
        }
      ],
      "datePublic": "2020-11-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Kubernetes Secrets Store CSI Driver Vault Plugin prior to v0.0.6, Azure Plugin prior to v0.0.10, and GCP Plugin prior to v0.2.0 allow an attacker who can create specially-crafted SecretProviderClass objects to write to arbitrary file paths on the host filesystem, including /var/lib/kubelet/pods."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-24",
              "description": "CWE-24 Path Traversal: \u0027../filedir\u0027",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-21T17:09:21",
        "orgId": "a6081bf6-c852-4425-ad4f-a67919267565",
        "shortName": "kubernetes"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://groups.google.com/g/kubernetes-secrets-store-csi-driver/c/BI2qisiNXHY"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/kubernetes-sigs/secrets-store-csi-driver/issues/384"
        }
      ],
      "source": {
        "defect": [
          "https://github.com/kubernetes-sigs/secrets-store-csi-driver/issues/384"
        ],
        "discovery": "INTERNAL"
      },
      "title": "Kubernetes Secrets Store CSI Driver plugin directory traversals",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@kubernetes.io",
          "DATE_PUBLIC": "2020-11-16T21:00:00.000Z",
          "ID": "CVE-2020-8567",
          "STATE": "PUBLIC",
          "TITLE": "Kubernetes Secrets Store CSI Driver plugin directory traversals"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Kubernetes Secrets Store CSI Driver",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "Vault Plugin",
                            "version_value": "v0.0.6"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "Azure Plugin",
                            "version_value": "v0.0.10"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "GCP Plugin",
                            "version_value": "v0.2.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Kubernetes"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Tommy Murphy of Google"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Kubernetes Secrets Store CSI Driver Vault Plugin prior to v0.0.6, Azure Plugin prior to v0.0.10, and GCP Plugin prior to v0.2.0 allow an attacker who can create specially-crafted SecretProviderClass objects to write to arbitrary file paths on the host filesystem, including /var/lib/kubelet/pods."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:L",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-24 Path Traversal: \u0027../filedir\u0027"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://groups.google.com/g/kubernetes-secrets-store-csi-driver/c/BI2qisiNXHY",
              "refsource": "MISC",
              "url": "https://groups.google.com/g/kubernetes-secrets-store-csi-driver/c/BI2qisiNXHY"
            },
            {
              "name": "https://github.com/kubernetes-sigs/secrets-store-csi-driver/issues/384",
              "refsource": "MISC",
              "url": "https://github.com/kubernetes-sigs/secrets-store-csi-driver/issues/384"
            }
          ]
        },
        "source": {
          "defect": [
            "https://github.com/kubernetes-sigs/secrets-store-csi-driver/issues/384"
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565",
    "assignerShortName": "kubernetes",
    "cveId": "CVE-2020-8567",
    "datePublished": "2021-01-21T17:09:21.322492Z",
    "dateReserved": "2020-02-03T00:00:00",
    "dateUpdated": "2024-09-16T18:23:40.732Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-8568 (GCVE-0-2020-8568)
Vulnerability from cvelistv5
Published
2021-01-21 17:09
Modified
2024-09-17 03:28
CWE
  • CWE-24 - Path Traversal: '../filedir'
  • CWE-20 - Improper Input Validation
Summary
Kubernetes Secrets Store CSI Driver versions v0.0.15 and v0.0.16 allow an attacker who can modify a SecretProviderClassPodStatus/Status resource the ability to write content to the host filesystem and sync file contents to Kubernetes Secrets. This includes paths under var/lib/kubelet/pods that contain other Kubernetes Secrets.
Impacted products
Vendor Product Version
Kubernetes Kubernetes Secrets Store CSI Driver Version: Kubernetes Secrets Store CSI Driver v0.0.15
Version: Kubernetes Secrets Store CSI Driver v0.0.16
Create a notification for this product.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T10:03:46.239Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://groups.google.com/g/kubernetes-secrets-store-csi-driver/c/Cb9cvymTzl4"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/kubernetes-sigs/secrets-store-csi-driver/issues/378"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Kubernetes Secrets Store CSI Driver",
          "vendor": "Kubernetes",
          "versions": [
            {
              "status": "affected",
              "version": "Kubernetes Secrets Store CSI Driver v0.0.15"
            },
            {
              "status": "affected",
              "version": "Kubernetes Secrets Store CSI Driver v0.0.16"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Tommy Murphy of Google"
        }
      ],
      "datePublic": "2020-11-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Kubernetes Secrets Store CSI Driver versions v0.0.15 and v0.0.16 allow an attacker who can modify a SecretProviderClassPodStatus/Status resource the ability to write content to the host filesystem and sync file contents to Kubernetes Secrets. This includes paths under var/lib/kubelet/pods that contain other Kubernetes Secrets."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-24",
              "description": "CWE-24 Path Traversal: \u0027../filedir\u0027",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20 Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-21T17:09:21",
        "orgId": "a6081bf6-c852-4425-ad4f-a67919267565",
        "shortName": "kubernetes"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://groups.google.com/g/kubernetes-secrets-store-csi-driver/c/Cb9cvymTzl4"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/kubernetes-sigs/secrets-store-csi-driver/issues/378"
        }
      ],
      "source": {
        "defect": [
          "https://github.com/kubernetes-sigs/secrets-store-csi-driver/issues/378"
        ],
        "discovery": "INTERNAL"
      },
      "title": "Kubernetes Secrets Store CSI Driver sync/rotate directory traversal",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@kubernetes.io",
          "DATE_PUBLIC": "2020-11-10T21:00:00.000Z",
          "ID": "CVE-2020-8568",
          "STATE": "PUBLIC",
          "TITLE": "Kubernetes Secrets Store CSI Driver sync/rotate directory traversal"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Kubernetes Secrets Store CSI Driver",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_name": "Kubernetes Secrets Store CSI Driver",
                            "version_value": "v0.0.15"
                          },
                          {
                            "version_affected": "=",
                            "version_name": "Kubernetes Secrets Store CSI Driver",
                            "version_value": "v0.0.16"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Kubernetes"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Tommy Murphy of Google"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Kubernetes Secrets Store CSI Driver versions v0.0.15 and v0.0.16 allow an attacker who can modify a SecretProviderClassPodStatus/Status resource the ability to write content to the host filesystem and sync file contents to Kubernetes Secrets. This includes paths under var/lib/kubelet/pods that contain other Kubernetes Secrets."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-24 Path Traversal: \u0027../filedir\u0027"
                }
              ]
            },
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-20 Improper Input Validation"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://groups.google.com/g/kubernetes-secrets-store-csi-driver/c/Cb9cvymTzl4",
              "refsource": "MISC",
              "url": "https://groups.google.com/g/kubernetes-secrets-store-csi-driver/c/Cb9cvymTzl4"
            },
            {
              "name": "https://github.com/kubernetes-sigs/secrets-store-csi-driver/issues/378",
              "refsource": "MISC",
              "url": "https://github.com/kubernetes-sigs/secrets-store-csi-driver/issues/378"
            }
          ]
        },
        "source": {
          "defect": [
            "https://github.com/kubernetes-sigs/secrets-store-csi-driver/issues/378"
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565",
    "assignerShortName": "kubernetes",
    "cveId": "CVE-2020-8568",
    "datePublished": "2021-01-21T17:09:21.450754Z",
    "dateReserved": "2020-02-03T00:00:00",
    "dateUpdated": "2024-09-17T03:28:40.493Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-9708 (GCVE-0-2020-9708)
Vulnerability from cvelistv5
Published
2020-08-14 16:48
Modified
2024-09-16 16:43
CWE
  • CWE-24 - Path Traversal: '../filedir'
Summary
The resolveRepositoryPath function doesn't properly validate user input and a malicious user may traverse to any valid Git repository outside the repoRoot. This issue may lead to unauthorized access of private Git repositories as long as the malicious user knows or brute-forces the location of the repository.
Impacted products
Vendor Product Version
Adobe Helix Version: unspecified   < 1.3.1
Create a notification for this product.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T10:34:39.923Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/adobe/git-server/security/advisories/GHSA-cgj4-x2hh-2x93"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Helix",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThan": "1.3.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "This issue was discovered and reported by GHSL team member @JarLob (Jaroslav Loba\u010devski)."
        }
      ],
      "datePublic": "2020-08-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The resolveRepositoryPath function doesn\u0027t properly validate user input and a malicious user may traverse to any valid Git repository outside the repoRoot. This issue may lead to unauthorized access of private Git repositories as long as the malicious user knows or brute-forces the location of the repository."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-24",
              "description": "CWE-24 Path Traversal: \u0027../filedir\u0027",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-08-14T16:48:30",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/adobe/git-server/security/advisories/GHSA-cgj4-x2hh-2x93"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "GHSL-2020-133: Insufficient validation of user input in resolveRepositoryPath function",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@adobe.com",
          "DATE_PUBLIC": "2020-08-10T23:00:00.000Z",
          "ID": "CVE-2020-9708",
          "STATE": "PUBLIC",
          "TITLE": "GHSL-2020-133: Insufficient validation of user input in resolveRepositoryPath function"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Helix",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "1.3.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Adobe"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "This issue was discovered and reported by GHSL team member @JarLob (Jaroslav Loba\u010devski)."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The resolveRepositoryPath function doesn\u0027t properly validate user input and a malicious user may traverse to any valid Git repository outside the repoRoot. This issue may lead to unauthorized access of private Git repositories as long as the malicious user knows or brute-forces the location of the repository."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-24 Path Traversal: \u0027../filedir\u0027"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/adobe/git-server/security/advisories/GHSA-cgj4-x2hh-2x93",
              "refsource": "MISC",
              "url": "https://github.com/adobe/git-server/security/advisories/GHSA-cgj4-x2hh-2x93"
            }
          ]
        },
        "source": {
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2020-9708",
    "datePublished": "2020-08-14T16:48:30.769927Z",
    "dateReserved": "2020-03-02T00:00:00",
    "dateUpdated": "2024-09-16T16:43:25.441Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-21706 (GCVE-0-2021-21706)
Vulnerability from cvelistv5
Published
2021-10-04 04:00
Modified
2024-09-16 23:06
CWE
  • CWE-24 - Path Traversal: '../filedir'
Summary
In PHP versions 7.3.x below 7.3.31, 7.4.x below 7.4.24 and 8.0.x below 8.0.11, in Microsoft Windows environment, ZipArchive::extractTo may be tricked into writing a file outside target directory when extracting a ZIP file, thus potentially causing files to be created or overwritten, subject to OS permissions.
References
Impacted products
Vendor Product Version
PHP Group PHP Version: 7.3.x   < 7.3.31
Version: 7.4.x   < 7.4.24
Version: 8.0.X   < 8.0.11
Create a notification for this product.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T18:23:28.483Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.php.net/bug.php?id=81420"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20211029-0007/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "Windows"
          ],
          "product": "PHP",
          "vendor": "PHP Group",
          "versions": [
            {
              "lessThan": "7.3.31",
              "status": "affected",
              "version": "7.3.x",
              "versionType": "custom"
            },
            {
              "lessThan": "7.4.24",
              "status": "affected",
              "version": "7.4.x",
              "versionType": "custom"
            },
            {
              "lessThan": "8.0.11",
              "status": "affected",
              "version": "8.0.X",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "reported by vi at hackberry dot xyz"
        }
      ],
      "datePublic": "2021-09-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In PHP versions 7.3.x below 7.3.31, 7.4.x below 7.4.24 and 8.0.x below 8.0.11, in Microsoft Windows environment, ZipArchive::extractTo may be tricked into writing a file outside target directory when extracting a ZIP file, thus potentially causing files to be created or overwritten, subject to OS permissions."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-24",
              "description": "CWE-24 Path Traversal: \u0027../filedir\u0027",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-29T12:06:47",
        "orgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
        "shortName": "php"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.php.net/bug.php?id=81420"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20211029-0007/"
        }
      ],
      "source": {
        "defect": [
          "https://bugs.php.net/bug.php?id=81420"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "ZipArchive::extractTo may extract outside of destination dir",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@php.net",
          "DATE_PUBLIC": "2021-09-21T11:32:00.000Z",
          "ID": "CVE-2021-21706",
          "STATE": "PUBLIC",
          "TITLE": "ZipArchive::extractTo may extract outside of destination dir"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "PHP",
                      "version": {
                        "version_data": [
                          {
                            "platform": "Windows",
                            "version_affected": "\u003c",
                            "version_name": "7.3.x",
                            "version_value": "7.3.31"
                          },
                          {
                            "platform": "Windows",
                            "version_affected": "\u003c",
                            "version_name": "7.4.x",
                            "version_value": "7.4.24"
                          },
                          {
                            "platform": "Windows",
                            "version_affected": "\u003c",
                            "version_name": "8.0.X",
                            "version_value": "8.0.11"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "PHP Group"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "reported by vi at hackberry dot xyz"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In PHP versions 7.3.x below 7.3.31, 7.4.x below 7.4.24 and 8.0.x below 8.0.11, in Microsoft Windows environment, ZipArchive::extractTo may be tricked into writing a file outside target directory when extracting a ZIP file, thus potentially causing files to be created or overwritten, subject to OS permissions."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-24 Path Traversal: \u0027../filedir\u0027"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugs.php.net/bug.php?id=81420",
              "refsource": "MISC",
              "url": "https://bugs.php.net/bug.php?id=81420"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20211029-0007/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20211029-0007/"
            }
          ]
        },
        "source": {
          "defect": [
            "https://bugs.php.net/bug.php?id=81420"
          ],
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
    "assignerShortName": "php",
    "cveId": "CVE-2021-21706",
    "datePublished": "2021-10-04T04:00:17.182563Z",
    "dateReserved": "2021-01-04T00:00:00",
    "dateUpdated": "2024-09-16T23:06:09.569Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-26725 (GCVE-0-2021-26725)
Vulnerability from cvelistv5
Published
2021-02-22 20:31
Modified
2024-09-17 14:24
CWE
  • CWE-24 - Path Traversal: '../filedir'
Summary
Path Traversal vulnerability when changing timezone using web GUI of Nozomi Networks Guardian, CMC allows an authenticated administrator to read-protected system files. This issue affects: Nozomi Networks Guardian 20.0.7.3 version 20.0.7.3 and prior versions. Nozomi Networks CMC 20.0.7.3 version 20.0.7.3 and prior versions.
References
Impacted products
Vendor Product Version
Nozomi Networks Guardian Version: 20.0.7.3 and prior versions   <
Create a notification for this product.
   Nozomi Networks CMC Version: 20.0.7.3 and prior versions   <
Create a notification for this product.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T20:33:40.606Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.nozominetworks.com/NN-2021:2-01"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-26725",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-07T18:22:47.500572Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-17T14:24:48.138Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Guardian",
          "vendor": "Nozomi Networks",
          "versions": [
            {
              "status": "affected",
              "version": "20.0.7.3 and prior versions",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "CMC",
          "vendor": "Nozomi Networks",
          "versions": [
            {
              "status": "affected",
              "version": "20.0.7.3 and prior versions",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "This bug was found by Erik de Jong"
        }
      ],
      "datePublic": "2021-02-21T23:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003ePath Traversal vulnerability when changing timezone using web GUI of Nozomi Networks Guardian, CMC allows an authenticated administrator to read-protected system files. This issue affects: Nozomi Networks Guardian 20.0.7.3 version 20.0.7.3 and prior versions. Nozomi Networks CMC 20.0.7.3 version 20.0.7.3 and prior versions.\u003c/p\u003e"
            }
          ],
          "value": "Path Traversal vulnerability when changing timezone using web GUI of Nozomi Networks Guardian, CMC allows an authenticated administrator to read-protected system files. This issue affects: Nozomi Networks Guardian 20.0.7.3 version 20.0.7.3 and prior versions. Nozomi Networks CMC 20.0.7.3 version 20.0.7.3 and prior versions."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-126",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-126 Path Traversal"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "privilegesRequired": "HIGH",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-24",
              "description": "CWE-24 Path Traversal: \u0027../filedir\u0027",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-28T10:29:15.480Z",
        "orgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
        "shortName": "Nozomi"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.nozominetworks.com/NN-2021:2-01"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003ev19 series: Upgrade to v19.0.12.  \u003c/p\u003e\u003cp\u003ev20 series: Upgrade to v20.0.7.4.\u003c/p\u003e"
            }
          ],
          "value": "v19 series: Upgrade to v19.0.12.  \n\nv20 series: Upgrade to v20.0.7.4."
        }
      ],
      "source": {
        "advisory": "https://security.nozominetworks.com/NN-2021:2-01",
        "discovery": "EXTERNAL"
      },
      "title": "Authenticated command path traversal on timezone settings in Guardian/CMC before 20.0.7.4",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eUse internal firewall feature to limit management interface access and review user roles.\u003c/p\u003e"
            }
          ],
          "value": "Use internal firewall feature to limit management interface access and review user roles."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "prodsec@nozominetworks.com",
          "DATE_PUBLIC": "2021-02-22T00:00:00.000Z",
          "ID": "CVE-2021-26725",
          "STATE": "PUBLIC",
          "TITLE": "Authenticated command path traversal on timezone settings in Guardian/CMC before 20.0.7.4"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Guardian",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "20.0.7.3 and prior versions"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "CMC",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "20.0.7.3 and prior versions"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Nozomi Networks"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "This bug was found by Erik de Jong"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Path Traversal vulnerability when changing timezone using web GUI of Nozomi Networks Guardian, CMC allows an authenticated administrator to read-protected system files. This issue affects: Nozomi Networks Guardian 20.0.7.3 version 20.0.7.3 and prior versions. Nozomi Networks CMC 20.0.7.3 version 20.0.7.3 and prior versions."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-24 Path Traversal: \u0027../filedir\u0027"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://security.nozominetworks.com/NN-2021:2-01",
              "refsource": "CONFIRM",
              "url": "https://security.nozominetworks.com/NN-2021:2-01"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "v19 series: Upgrade to v19.0.12.  v20 series: Upgrade to v20.0.7.4."
          }
        ],
        "source": {
          "advisory": "https://security.nozominetworks.com/NN-2021:2-01",
          "discovery": "EXTERNAL"
        },
        "work_around": [
          {
            "lang": "en",
            "value": "Use internal firewall feature to limit management interface access and review user roles."
          }
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
    "assignerShortName": "Nozomi",
    "cveId": "CVE-2021-26725",
    "datePublished": "2021-02-22T20:31:06.852922Z",
    "dateReserved": "2021-02-05T00:00:00",
    "dateUpdated": "2024-09-17T14:24:48.138Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-29466 (GCVE-0-2021-29466)
Vulnerability from cvelistv5
Published
2021-04-22 00:35
Modified
2024-08-03 22:11
CWE
  • CWE-24 - Path Traversal: '../filedir'
Summary
Discord-Recon is a bot for the Discord chat service. In versions of Discord-Recon 0.0.3 and prior, a remote attacker is able to read local files from the server that can disclose important information. As a workaround, a bot maintainer can locate the file `app.py` and add `.replace('..', '')` into the `Path` variable inside of the `recon` function. The vulnerability is patched in version 0.0.4.
Impacted products
Vendor Product Version
DEMON1A Discord-Recon Version: <= 0.0.3
Create a notification for this product.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T22:11:05.521Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/DEMON1A/Discord-Recon/security/advisories/GHSA-p2pw-8xwf-879g"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Discord-Recon",
          "vendor": "DEMON1A",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c= 0.0.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Discord-Recon is a bot for the Discord chat service. In versions of Discord-Recon 0.0.3 and prior, a remote attacker is able to read local files from the server that can disclose important information. As a workaround, a bot maintainer can locate the file `app.py` and add `.replace(\u0027..\u0027, \u0027\u0027)` into the `Path` variable inside of the `recon` function. The vulnerability is patched in version 0.0.4."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-24",
              "description": "CWE-24 Path Traversal: \u0027../filedir\u0027",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-04-22T00:35:13",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/DEMON1A/Discord-Recon/security/advisories/GHSA-p2pw-8xwf-879g"
        }
      ],
      "source": {
        "advisory": "GHSA-p2pw-8xwf-879g",
        "discovery": "UNKNOWN"
      },
      "title": "Path Traversal at Discord-Recon .recon Command Path",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2021-29466",
          "STATE": "PUBLIC",
          "TITLE": "Path Traversal at Discord-Recon .recon Command Path"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Discord-Recon",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003c= 0.0.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "DEMON1A"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Discord-Recon is a bot for the Discord chat service. In versions of Discord-Recon 0.0.3 and prior, a remote attacker is able to read local files from the server that can disclose important information. As a workaround, a bot maintainer can locate the file `app.py` and add `.replace(\u0027..\u0027, \u0027\u0027)` into the `Path` variable inside of the `recon` function. The vulnerability is patched in version 0.0.4."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-24 Path Traversal: \u0027../filedir\u0027"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/DEMON1A/Discord-Recon/security/advisories/GHSA-p2pw-8xwf-879g",
              "refsource": "CONFIRM",
              "url": "https://github.com/DEMON1A/Discord-Recon/security/advisories/GHSA-p2pw-8xwf-879g"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-p2pw-8xwf-879g",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2021-29466",
    "datePublished": "2021-04-22T00:35:13",
    "dateReserved": "2021-03-30T00:00:00",
    "dateUpdated": "2024-08-03T22:11:05.521Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Mitigation ID: MIT-5.1

Phase: Implementation

Strategy: Input Validation

Description:

  • Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
  • When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
  • Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
  • When validating filenames, use stringent allowlists that limit the character set to be used. If feasible, only allow a single "." character in the filename to avoid weaknesses such as CWE-23, and exclude directory separators such as "/" to avoid CWE-36. Use a list of allowable file extensions, which will help to avoid CWE-434.
  • Do not rely exclusively on a filtering mechanism that removes potentially dangerous characters. This is equivalent to a denylist, which may be incomplete (CWE-184). For example, filtering "/" is insufficient protection if the filesystem also supports the use of "\" as a directory separator. Another possible error could occur when the filtering is applied in a way that still produces dangerous data (CWE-182). For example, if "../" sequences are removed from the ".../...//" string in a sequential fashion, two instances of "../" would be removed from the original string, but the remaining characters would still form the "../" string.
Mitigation ID: MIT-20

Phase: Implementation

Strategy: Input Validation

Description:

  • Inputs should be decoded and canonicalized to the application's current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked.

No CAPEC attack patterns related to this CWE.

Back to CWE stats page