Path Traversal: '\UNC\share\name\' (Windows UNC Share)

CVE-2023-29446

Medium

4.7/10

Summary

An improper input validation vulnerability has been discovered that could allow an adversary to inject a UNC path via a malicious project file. This allows an adversary to capture NLTMv2 hashes and potentially crack them offline.

Attack Complexity: HIGH
Attack Vector: LOCAL
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: REQUIRED
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: NONE

CWE-40 - Path Traversal: '\UNC\share\name\' (Windows UNC Share)

An attacker can inject a Windows UNC share ('\\UNC\share\name') into a software system to potentially redirect access to an unintended location or arbitrary file.

References

Advisory Timeline

Published Jan 10, 2024

Path Traversal: '\UNC\share\name\' (Windows UNC Share)

CVE-2023-29446

Summary

CWE-40 - Path Traversal: '\UNC\share\name\' (Windows UNC Share)

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS