Path Traversal: '.../...//'

CVE-2023-41793

Medium

6.7/10

Summary

: Path Traversal vulnerability in Pandora FMS on all allows Path Traversal. This vulnerability allowed changing directories and creating files and downloading them outside the allowed directories. This issue affects Pandora FMS: from 700 through <776.

Attack Complexity: HIGH
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: REQUIRED
Privileges Required: LOW
Confidentiality Impact: HIGH
Availability Impact: LOW

CWE-35 - Path Traversal: '.../...//'

The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' (doubled triple dot slash) sequences that can resolve to a location that is outside of that directory.

References

Advisory Timeline

Published Mar 19, 2024

Path Traversal: '.../...//'

CVE-2023-41793

Summary

CWE-35 - Path Traversal: '.../...//'

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS