CVE-2023-37474 (GCVE-0-2023-37474)

Vulnerability from cvelistv5

Published

2023-07-14 19:55

Modified

2025-02-13 17:01

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Summary

Copyparty is a portable file server. Versions prior to 1.8.2 are subject to a path traversal vulnerability detected in the `.cpr` subfolder. The Path Traversal attack technique allows an attacker access to files, directories, and commands that reside outside the web document root directory. This issue has been addressed in commit `043e3c7d` which has been included in release 1.8.2. Users are advised to upgrade. There are no known workarounds for this vulnerability.

References

►

URL

Tags

security-advisories@github.com	http://packetstormsecurity.com/files/173822/Copyparty-1.8.2-Directory-Traversal.html
security-advisories@github.com	https://github.com/9001/copyparty/commit/043e3c7dd683113e2b1c15cacb9c8e68f76513ff	Patch
security-advisories@github.com	https://github.com/9001/copyparty/security/advisories/GHSA-pxfv-7rr3-2qjg	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/173822/Copyparty-1.8.2-Directory-Traversal.html
af854a3a-2127-422b-91ae-364da2661108	https://github.com/9001/copyparty/commit/043e3c7dd683113e2b1c15cacb9c8e68f76513ff	Patch
af854a3a-2127-422b-91ae-364da2661108	https://github.com/9001/copyparty/security/advisories/GHSA-pxfv-7rr3-2qjg	Exploit, Third Party Advisory

Impacted products

	Vendor	Product	Version
	9001	copyparty	Version: < 1.8.2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T17:16:30.840Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/9001/copyparty/security/advisories/GHSA-pxfv-7rr3-2qjg",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/9001/copyparty/security/advisories/GHSA-pxfv-7rr3-2qjg"
          },
          {
            "name": "https://github.com/9001/copyparty/commit/043e3c7dd683113e2b1c15cacb9c8e68f76513ff",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/9001/copyparty/commit/043e3c7dd683113e2b1c15cacb9c8e68f76513ff"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/173822/Copyparty-1.8.2-Directory-Traversal.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:copyparty_project:copyparty:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "copyparty",
            "vendor": "copyparty_project",
            "versions": [
              {
                "lessThan": "1.8.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-37474",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-18T17:31:35.536999Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-18T17:45:51.933Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "copyparty",
          "vendor": "9001",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.8.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Copyparty is a portable file server. Versions prior to 1.8.2 are subject to a path traversal vulnerability detected in the `.cpr` subfolder. The Path Traversal attack technique allows an attacker access to files, directories, and commands that reside outside the web document root directory. This issue has been addressed in commit `043e3c7d` which has been included in release 1.8.2. Users are advised to upgrade. There are no known workarounds for this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-07-31T18:06:31.899Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/9001/copyparty/security/advisories/GHSA-pxfv-7rr3-2qjg",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/9001/copyparty/security/advisories/GHSA-pxfv-7rr3-2qjg"
        },
        {
          "name": "https://github.com/9001/copyparty/commit/043e3c7dd683113e2b1c15cacb9c8e68f76513ff",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/9001/copyparty/commit/043e3c7dd683113e2b1c15cacb9c8e68f76513ff"
        },
        {
          "url": "http://packetstormsecurity.com/files/173822/Copyparty-1.8.2-Directory-Traversal.html"
        }
      ],
      "source": {
        "advisory": "GHSA-pxfv-7rr3-2qjg",
        "discovery": "UNKNOWN"
      },
      "title": "Path traversal in copyparty"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2023-37474",
    "datePublished": "2023-07-14T19:55:22.779Z",
    "dateReserved": "2023-07-06T13:01:36.998Z",
    "dateUpdated": "2025-02-13T17:01:27.796Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-37474\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2023-07-14T20:15:09.083\",\"lastModified\":\"2024-11-21T08:11:47.207\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Copyparty is a portable file server. Versions prior to 1.8.2 are subject to a path traversal vulnerability detected in the `.cpr` subfolder. The Path Traversal attack technique allows an attacker access to files, directories, and commands that reside outside the web document root directory. This issue has been addressed in commit `043e3c7d` which has been included in release 1.8.2. Users are advised to upgrade. There are no known workarounds for this vulnerability.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV30\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:copyparty_project:copyparty:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.8.2\",\"matchCriteriaId\":\"70E4D74A-BEE5-4FD5-85C2-29C30D148751\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/173822/Copyparty-1.8.2-Directory-Traversal.html\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/9001/copyparty/commit/043e3c7dd683113e2b1c15cacb9c8e68f76513ff\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/9001/copyparty/security/advisories/GHSA-pxfv-7rr3-2qjg\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"http://packetstormsecurity.com/files/173822/Copyparty-1.8.2-Directory-Traversal.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/9001/copyparty/commit/043e3c7dd683113e2b1c15cacb9c8e68f76513ff\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/9001/copyparty/security/advisories/GHSA-pxfv-7rr3-2qjg\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/9001/copyparty/security/advisories/GHSA-pxfv-7rr3-2qjg\", \"name\": \"https://github.com/9001/copyparty/security/advisories/GHSA-pxfv-7rr3-2qjg\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://github.com/9001/copyparty/commit/043e3c7dd683113e2b1c15cacb9c8e68f76513ff\", \"name\": \"https://github.com/9001/copyparty/commit/043e3c7dd683113e2b1c15cacb9c8e68f76513ff\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"http://packetstormsecurity.com/files/173822/Copyparty-1.8.2-Directory-Traversal.html\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T17:16:30.840Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-37474\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-18T17:31:35.536999Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:copyparty_project:copyparty:*:*:*:*:*:*:*:*\"], \"vendor\": \"copyparty_project\", \"product\": \"copyparty\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"1.8.2\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-18T17:45:47.418Z\"}}], \"cna\": {\"title\": \"Path traversal in copyparty\", \"source\": {\"advisory\": \"GHSA-pxfv-7rr3-2qjg\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_0\": {\"scope\": \"UNCHANGED\", \"version\": \"3.0\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"9001\", \"product\": \"copyparty\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 1.8.2\"}]}], \"references\": [{\"url\": \"https://github.com/9001/copyparty/security/advisories/GHSA-pxfv-7rr3-2qjg\", \"name\": \"https://github.com/9001/copyparty/security/advisories/GHSA-pxfv-7rr3-2qjg\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/9001/copyparty/commit/043e3c7dd683113e2b1c15cacb9c8e68f76513ff\", \"name\": \"https://github.com/9001/copyparty/commit/043e3c7dd683113e2b1c15cacb9c8e68f76513ff\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"http://packetstormsecurity.com/files/173822/Copyparty-1.8.2-Directory-Traversal.html\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Copyparty is a portable file server. Versions prior to 1.8.2 are subject to a path traversal vulnerability detected in the `.cpr` subfolder. The Path Traversal attack technique allows an attacker access to files, directories, and commands that reside outside the web document root directory. This issue has been addressed in commit `043e3c7d` which has been included in release 1.8.2. Users are advised to upgrade. There are no known workarounds for this vulnerability.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-22\", \"description\": \"CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2023-07-14T19:55:22.779Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-37474\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-10-18T17:45:51.933Z\", \"dateReserved\": \"2023-07-06T13:01:36.998Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2023-07-14T19:55:22.779Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

gsd-2023-37474

Vulnerability from gsd

Modified

2023-12-13 01:20

Details

Aliases

CVE-2023-37474

Aliases

CVE-2023-37474

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-37474",
    "id": "GSD-2023-37474"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-37474"
      ],
      "details": "Copyparty is a portable file server. Versions prior to 1.8.2 are subject to a path traversal vulnerability detected in the `.cpr` subfolder. The Path Traversal attack technique allows an attacker access to files, directories, and commands that reside outside the web document root directory. This issue has been addressed in commit `043e3c7d` which has been included in release 1.8.2. Users are advised to upgrade. There are no known workarounds for this vulnerability.",
      "id": "GSD-2023-37474",
      "modified": "2023-12-13T01:20:24.999057Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security-advisories@github.com",
        "ID": "CVE-2023-37474",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "copyparty",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "\u003c 1.8.2"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "9001"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Copyparty is a portable file server. Versions prior to 1.8.2 are subject to a path traversal vulnerability detected in the `.cpr` subfolder. The Path Traversal attack technique allows an attacker access to files, directories, and commands that reside outside the web document root directory. This issue has been addressed in commit `043e3c7d` which has been included in release 1.8.2. Users are advised to upgrade. There are no known workarounds for this vulnerability."
          }
        ]
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-22",
                "lang": "eng",
                "value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/9001/copyparty/security/advisories/GHSA-pxfv-7rr3-2qjg",
            "refsource": "MISC",
            "url": "https://github.com/9001/copyparty/security/advisories/GHSA-pxfv-7rr3-2qjg"
          },
          {
            "name": "https://github.com/9001/copyparty/commit/043e3c7dd683113e2b1c15cacb9c8e68f76513ff",
            "refsource": "MISC",
            "url": "https://github.com/9001/copyparty/commit/043e3c7dd683113e2b1c15cacb9c8e68f76513ff"
          },
          {
            "name": "http://packetstormsecurity.com/files/173822/Copyparty-1.8.2-Directory-Traversal.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.com/files/173822/Copyparty-1.8.2-Directory-Traversal.html"
          }
        ]
      },
      "source": {
        "advisory": "GHSA-pxfv-7rr3-2qjg",
        "discovery": "UNKNOWN"
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "\u003c1.8.2",
          "affected_versions": "All versions before 1.8.2",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-22",
            "CWE-937"
          ],
          "date": "2023-07-31",
          "description": "Copyparty is a portable file server. Versions prior to 1.8.2 are subject to a path traversal vulnerability detected in the `.cpr` subfolder. The Path Traversal attack technique allows an attacker access to files, directories, and commands that reside outside the web document root directory. This issue has been addressed in commit `043e3c7d` which has been included in release 1.8.2. Users are advised to upgrade. There are no known workarounds for this vulnerability.",
          "fixed_versions": [
            "1.8.2"
          ],
          "identifier": "CVE-2023-37474",
          "identifiers": [
            "CVE-2023-37474",
            "GHSA-pxfv-7rr3-2qjg"
          ],
          "not_impacted": "All versions starting from 1.8.2",
          "package_slug": "pypi/copyparty",
          "pubdate": "2023-07-14",
          "solution": "Upgrade to version 1.8.2 or above.",
          "title": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2023-37474",
            "https://github.com/9001/copyparty/security/advisories/GHSA-pxfv-7rr3-2qjg",
            "https://github.com/9001/copyparty/commit/043e3c7dd683113e2b1c15cacb9c8e68f76513ff"
          ],
          "uuid": "7e948bd1-170c-49d9-9204-8e68cef90e5d"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:copyparty_project:copyparty:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.8.2",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2023-37474"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Copyparty is a portable file server. Versions prior to 1.8.2 are subject to a path traversal vulnerability detected in the `.cpr` subfolder. The Path Traversal attack technique allows an attacker access to files, directories, and commands that reside outside the web document root directory. This issue has been addressed in commit `043e3c7d` which has been included in release 1.8.2. Users are advised to upgrade. There are no known workarounds for this vulnerability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-22"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/9001/copyparty/security/advisories/GHSA-pxfv-7rr3-2qjg",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory"
              ],
              "url": "https://github.com/9001/copyparty/security/advisories/GHSA-pxfv-7rr3-2qjg"
            },
            {
              "name": "https://github.com/9001/copyparty/commit/043e3c7dd683113e2b1c15cacb9c8e68f76513ff",
              "refsource": "MISC",
              "tags": [
                "Patch"
              ],
              "url": "https://github.com/9001/copyparty/commit/043e3c7dd683113e2b1c15cacb9c8e68f76513ff"
            },
            {
              "name": "http://packetstormsecurity.com/files/173822/Copyparty-1.8.2-Directory-Traversal.html",
              "refsource": "MISC",
              "tags": [],
              "url": "http://packetstormsecurity.com/files/173822/Copyparty-1.8.2-Directory-Traversal.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2023-07-31T19:15Z",
      "publishedDate": "2023-07-14T20:15Z"
    }
  }
}

fkie_cve-2023-37474

Vulnerability from fkie_nvd

Published

2023-07-14 20:15

Modified

2024-11-21 08:11

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

References

URL	Tags
security-advisories@github.com	http://packetstormsecurity.com/files/173822/Copyparty-1.8.2-Directory-Traversal.html
security-advisories@github.com	https://github.com/9001/copyparty/commit/043e3c7dd683113e2b1c15cacb9c8e68f76513ff	Patch
security-advisories@github.com	https://github.com/9001/copyparty/security/advisories/GHSA-pxfv-7rr3-2qjg	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/173822/Copyparty-1.8.2-Directory-Traversal.html
af854a3a-2127-422b-91ae-364da2661108	https://github.com/9001/copyparty/commit/043e3c7dd683113e2b1c15cacb9c8e68f76513ff	Patch
af854a3a-2127-422b-91ae-364da2661108	https://github.com/9001/copyparty/security/advisories/GHSA-pxfv-7rr3-2qjg	Exploit, Third Party Advisory

Impacted products

	Vendor	Product	Version
	copyparty_project	copyparty	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:copyparty_project:copyparty:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "70E4D74A-BEE5-4FD5-85C2-29C30D148751",
              "versionEndExcluding": "1.8.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Copyparty is a portable file server. Versions prior to 1.8.2 are subject to a path traversal vulnerability detected in the `.cpr` subfolder. The Path Traversal attack technique allows an attacker access to files, directories, and commands that reside outside the web document root directory. This issue has been addressed in commit `043e3c7d` which has been included in release 1.8.2. Users are advised to upgrade. There are no known workarounds for this vulnerability."
    }
  ],
  "id": "CVE-2023-37474",
  "lastModified": "2024-11-21T08:11:47.207",
  "metrics": {
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-07-14T20:15:09.083",
  "references": [
    {
      "source": "security-advisories@github.com",
      "url": "http://packetstormsecurity.com/files/173822/Copyparty-1.8.2-Directory-Traversal.html"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/9001/copyparty/commit/043e3c7dd683113e2b1c15cacb9c8e68f76513ff"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/9001/copyparty/security/advisories/GHSA-pxfv-7rr3-2qjg"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://packetstormsecurity.com/files/173822/Copyparty-1.8.2-Directory-Traversal.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/9001/copyparty/commit/043e3c7dd683113e2b1c15cacb9c8e68f76513ff"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/9001/copyparty/security/advisories/GHSA-pxfv-7rr3-2qjg"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Primary"
    }
  ]
}

pysec-2023-127

Vulnerability from pysec

Published

2023-07-14 20:15

Modified

2023-07-27 20:23

Details

Copyparty is a portable file server. Versions prior to 1.8.2 are subject to a path traversal vulnerability detected in the .cpr subfolder. The Path Traversal attack technique allows an attacker access to files, directories, and commands that reside outside the web document root directory. This issue has been addressed in commit 043e3c7d which has been included in release 1.8.2. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Impacted products

Name	purl
copyparty	pkg:pypi/copyparty

Aliases

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "copyparty",
        "purl": "pkg:pypi/copyparty"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "043e3c7dd683113e2b1c15cacb9c8e68f76513ff"
            }
          ],
          "repo": "https://github.com/9001/copyparty",
          "type": "GIT"
        },
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.8.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "0.10.0",
        "0.10.1",
        "0.10.10",
        "0.10.11",
        "0.10.12",
        "0.10.13",
        "0.10.14",
        "0.10.15",
        "0.10.16",
        "0.10.17",
        "0.10.18",
        "0.10.19",
        "0.10.2",
        "0.10.20",
        "0.10.21",
        "0.10.22",
        "0.10.3",
        "0.10.4",
        "0.10.5",
        "0.10.6",
        "0.10.7",
        "0.10.8",
        "0.10.9",
        "0.11.0",
        "0.11.1",
        "0.11.10",
        "0.11.11",
        "0.11.12",
        "0.11.13",
        "0.11.14",
        "0.11.15",
        "0.11.16",
        "0.11.17",
        "0.11.18",
        "0.11.19",
        "0.11.20",
        "0.11.21",
        "0.11.22",
        "0.11.23",
        "0.11.24",
        "0.11.26",
        "0.11.27",
        "0.11.28",
        "0.11.29",
        "0.11.30",
        "0.11.31",
        "0.11.32",
        "0.11.33",
        "0.11.34",
        "0.11.35",
        "0.11.36",
        "0.11.37",
        "0.11.38",
        "0.11.39",
        "0.11.40",
        "0.11.41",
        "0.11.42",
        "0.11.43",
        "0.11.44",
        "0.11.45",
        "0.11.46",
        "0.11.47",
        "0.11.5",
        "0.11.6",
        "0.11.7",
        "0.11.8",
        "0.11.9",
        "0.12.1",
        "0.12.10",
        "0.12.11",
        "0.12.12",
        "0.12.3",
        "0.12.4",
        "0.12.5",
        "0.12.6",
        "0.12.7",
        "0.12.8",
        "0.12.9",
        "0.13.0",
        "0.13.1",
        "0.13.10",
        "0.13.11",
        "0.13.12",
        "0.13.13",
        "0.13.14",
        "0.13.2",
        "0.13.3",
        "0.13.5",
        "0.13.6",
        "0.13.7",
        "0.13.9",
        "0.2.3",
        "0.3.0",
        "0.3.1",
        "0.4.0",
        "0.4.1",
        "0.4.2",
        "0.4.3",
        "0.5.0",
        "0.5.1",
        "0.5.2",
        "0.5.3",
        "0.5.4",
        "0.5.5",
        "0.5.6",
        "0.5.7",
        "0.6.0",
        "0.6.2",
        "0.6.3",
        "0.7.0",
        "0.7.1",
        "0.7.2",
        "0.7.3",
        "0.7.4",
        "0.7.5",
        "0.7.6",
        "0.7.7",
        "0.8.1",
        "0.8.3",
        "0.9.0",
        "0.9.1",
        "0.9.10",
        "0.9.11",
        "0.9.13",
        "0.9.3",
        "0.9.4",
        "0.9.5",
        "0.9.6",
        "0.9.7",
        "0.9.8",
        "0.9.9",
        "1.0.0",
        "1.0.1",
        "1.0.10",
        "1.0.11",
        "1.0.12",
        "1.0.13",
        "1.0.14",
        "1.0.2",
        "1.0.3",
        "1.0.4",
        "1.0.5",
        "1.0.7",
        "1.0.8",
        "1.0.9",
        "1.1.0",
        "1.1.1",
        "1.1.10",
        "1.1.11",
        "1.1.12",
        "1.1.2",
        "1.1.3",
        "1.1.4",
        "1.1.5",
        "1.1.6",
        "1.1.7",
        "1.1.8",
        "1.1.9",
        "1.2.0",
        "1.2.1",
        "1.2.10",
        "1.2.11",
        "1.2.2",
        "1.2.3",
        "1.2.4",
        "1.2.5",
        "1.2.6",
        "1.2.7",
        "1.2.8",
        "1.2.9",
        "1.3.0",
        "1.3.1",
        "1.3.10",
        "1.3.11",
        "1.3.12",
        "1.3.13",
        "1.3.14",
        "1.3.15",
        "1.3.16",
        "1.3.2",
        "1.3.3",
        "1.3.4",
        "1.3.5",
        "1.3.6",
        "1.3.7",
        "1.3.8",
        "1.3.9",
        "1.4.0",
        "1.4.1",
        "1.4.2",
        "1.4.3",
        "1.4.4",
        "1.4.5",
        "1.4.6",
        "1.5.0",
        "1.5.1",
        "1.5.2",
        "1.5.3",
        "1.5.4",
        "1.5.5",
        "1.5.6",
        "1.6.0",
        "1.6.1",
        "1.6.10",
        "1.6.11",
        "1.6.12",
        "1.6.13",
        "1.6.14",
        "1.6.15",
        "1.6.2",
        "1.6.3",
        "1.6.4",
        "1.6.5",
        "1.6.6",
        "1.6.7",
        "1.6.8",
        "1.6.9",
        "1.7.0",
        "1.7.1",
        "1.7.2",
        "1.7.3",
        "1.7.4",
        "1.7.5",
        "1.7.6",
        "1.8.0",
        "1.8.1"
      ]
    }
  ],
  "aliases": [
    "CVE-2023-37474",
    "GHSA-pxfv-7rr3-2qjg"
  ],
  "details": "Copyparty is a portable file server. Versions prior to 1.8.2 are subject to a path traversal vulnerability detected in the `.cpr` subfolder. The Path Traversal attack technique allows an attacker access to files, directories, and commands that reside outside the web document root directory. This issue has been addressed in commit `043e3c7d` which has been included in release 1.8.2. Users are advised to upgrade. There are no known workarounds for this vulnerability.",
  "id": "PYSEC-2023-127",
  "modified": "2023-07-27T20:23:01.674307+00:00",
  "published": "2023-07-14T20:15:00+00:00",
  "references": [
    {
      "type": "EVIDENCE",
      "url": "https://github.com/9001/copyparty/security/advisories/GHSA-pxfv-7rr3-2qjg"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/9001/copyparty/security/advisories/GHSA-pxfv-7rr3-2qjg"
    },
    {
      "type": "FIX",
      "url": "https://github.com/9001/copyparty/commit/043e3c7dd683113e2b1c15cacb9c8e68f76513ff"
    }
  ]
}

ghsa-pxfv-7rr3-2qjg

Vulnerability from github

Published

2023-07-14 21:59

Modified

2024-09-13 18:19

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
8.7 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Summary

copyparty vulnerable to path traversal attack

Details

Summary

All versions before 1.8.2 have a path traversal vulnerability, allowing an attacker to download unintended files from the server.

Details

Unauthenticated users were able to retrieve any files which are accessible (according to OS-level permissions) from the copyparty process. Usually, this is all files that are readable by the OS account which is used to run copyparty.

The vulnerability did not make it possible to list the contents of folders, so an attacker needs to know the full absolute path to the file, or the relative path from where copyparty is installed.

Some methods of running copyparty (prisonparty, the nix package, and docker) had a mitigating effect, mostly reducing the attack scope to files inside copyparty volumes, and possibly the copyparty config file.

Checking for attacks

Please keep in mind that, if an attacker were to find a way to overwrite the logs, for example by discovering the password to another service with sufficient privileges, then the following approaches cannot be trusted.

if copyparty was only accessible through a reverse proxy, then all attacks would be visible in the webserver access-log as URLs which contain both .cpr/ and %2F * nginx: bash (gzip -dc access.log*.gz; cat access.log) | sed -r 's/" [0-9]+ .*//' | grep -E 'cpr/.*%2[^0]' | grep -vF data:image/svg

However, if copyparty was directly accessible from the internet, then any successful attacks (file retrievals) would unfortunately leave no trace. That said, it is very probable that an attacker would make at least one invalid attempt, which would become apparent in the copyparty server log, detectable with grep -aE '(Errno|Permission).*\.cpr/' revealing the following: * python2 example: [IOError] [Errno 13] Permission denied: '/etc/shadow', .cpr//etc/shadow * python3 example: [PermissionError] [Errno 13] Permission denied: b'/etc/shadow', .cpr//etc/shadow

Providing an exact command for this approach is difficult, as it depends on how copyparty is deployed; * if copyparty was running as a systemd service: journalctl -am | grep -aE '(Errno|Permission).*\.cpr/' * if copyparty was logging to a compressed file: xz -kdc thefilename.xz | grep -aE '(Errno|Permission).*\.cpr/' * if the copyparty log is available in a plaintext file: grep -aE '(Errno|Permission).*\.cpr/' thefilename.txt

PoC / attack example

bash curl -sik http://127.0.0.1:3923/.cpr/%2Fetc%2Fpasswd curl -sik http://127.0.0.1:3923/.cpr/..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "copyparty"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.8.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-37474"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-07-14T21:59:23Z",
    "nvd_published_at": "2023-07-14T20:15:09Z",
    "severity": "HIGH"
  },
  "details": "# Summary\nAll versions before 1.8.2 have a path traversal vulnerability, allowing an attacker to download unintended files from the server.\n\n# Details\nUnauthenticated users were able to retrieve any files which are accessible (according to OS-level permissions) from the copyparty process. Usually, this is all files that are readable by the OS account which is used to run copyparty.\n\nThe vulnerability did not make it possible to list the contents of folders, so an attacker needs to know the full absolute path to the file, or the relative path from where copyparty is installed.\n\nSome methods of running copyparty ([prisonparty](https://github.com/9001/copyparty/tree/hovudstraum/bin#prisonpartysh), the [nix package](https://github.com/9001/copyparty#nix-package), and [docker](https://github.com/9001/copyparty/tree/hovudstraum/scripts/docker)) had a mitigating effect, mostly reducing the attack scope to files inside copyparty volumes, and possibly the copyparty config file.\n\n# Checking for attacks\nPlease keep in mind that, if an attacker were to find a way to overwrite the logs, for example by discovering the password to another service with sufficient privileges, then the following approaches cannot be trusted.\n\nif copyparty was only accessible through a reverse proxy, then all attacks would be visible in the webserver access-log as URLs which contain both `.cpr/` and `%2F`\n* nginx:\n  ```bash\n  (gzip -dc access.log*.gz; cat access.log) | sed -r \u0027s/\" [0-9]+ .*//\u0027 | grep -E \u0027cpr/.*%2[^0]\u0027 | grep -vF data:image/svg\n  ```\n\nHowever, if copyparty was directly accessible from the internet, then any successful attacks (file retrievals) would unfortunately leave no trace. That said, it is very probable that an attacker would make at least one invalid attempt, which would become apparent in the copyparty server log, detectable with `grep -aE \u0027(Errno|Permission).*\\.cpr/\u0027` revealing the following:\n* python2 example: `[IOError] [Errno 13] Permission denied: \u0027/etc/shadow\u0027, .cpr//etc/shadow`\n* python3 example: `[PermissionError] [Errno 13] Permission denied: b\u0027/etc/shadow\u0027, .cpr//etc/shadow`\n \n\nProviding an exact command for this approach is difficult, as it depends on how copyparty is deployed;\n* if copyparty was running as a systemd service: `journalctl -am | grep -aE \u0027(Errno|Permission).*\\.cpr/\u0027`\n* if copyparty was logging to a compressed file: `xz -kdc thefilename.xz | grep -aE \u0027(Errno|Permission).*\\.cpr/\u0027`\n* if the copyparty log is available in a plaintext file: `grep -aE \u0027(Errno|Permission).*\\.cpr/\u0027 thefilename.txt`\n\n# PoC / attack example\n```bash\ncurl -sik http://127.0.0.1:3923/.cpr/%2Fetc%2Fpasswd\ncurl -sik http://127.0.0.1:3923/.cpr/..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd\n```\n",
  "id": "GHSA-pxfv-7rr3-2qjg",
  "modified": "2024-09-13T18:19:54Z",
  "published": "2023-07-14T21:59:23Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/9001/copyparty/security/advisories/GHSA-pxfv-7rr3-2qjg"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37474"
    },
    {
      "type": "WEB",
      "url": "https://github.com/9001/copyparty/commit/043e3c7dd683113e2b1c15cacb9c8e68f76513ff"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/9001/copyparty"
    },
    {
      "type": "WEB",
      "url": "https://github.com/9001/copyparty/releases/tag/v1.8.2"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/copyparty/PYSEC-2023-127.yaml"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/173822/Copyparty-1.8.2-Directory-Traversal.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "copyparty vulnerable to path traversal attack"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2023-37474 (GCVE-0-2023-37474)

Vulnerability from cvelistv5

gsd-2023-37474

Vulnerability from gsd

fkie_cve-2023-37474

Vulnerability from fkie_nvd

pysec-2023-127

Vulnerability from pysec

ghsa-pxfv-7rr3-2qjg

Vulnerability from github

Summary

Details

Checking for attacks

PoC / attack example

Tags

Sightings

Nomenclature