Improper Resolution of Path Equivalence

CVE-2023-36396

High

7.8/10

Summary

Windows Compressed Folder Remote Code Execution Vulnerability

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: REQUIRED
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-41 - Improper Resolution of Path Equivalence

The system or application is vulnerable to file system contents disclosure through path equivalence. Path equivalence involves the use of special characters in file and directory names. The associated manipulations are intended to generate multiple names for the same object.

References

Advisory Timeline

Published Nov 14, 2023

Improper Resolution of Path Equivalence

CVE-2023-36396

Summary

CWE-41 - Improper Resolution of Path Equivalence

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS