Lucene search

K
cve[email protected]CVE-2023-29004
HistoryApr 17, 2023 - 7:15 p.m.

CVE-2023-29004

2023-04-1719:15:07
CWE-22
web.nvd.nist.gov
24
2
hap-wi
roxy-wi
path traversal
vulnerability
haproxy
nginx
apache
keepalived
cve-2023-29004

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

26.5%

hap-wi/roxy-wi is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. A Path Traversal vulnerability was found in the current version of Roxy-WI (6.3.9.0 at the moment of writing this report). The vulnerability can be exploited via an HTTP request to /app/options.py and the config_file_name parameter. Successful exploitation of this vulnerability could allow an attacker with user level privileges to obtain the content of arbitrary files on the file server within the scope of what the server process has access to. The root-cause of the vulnerability lies in the get_config function of the /app/modules/config/config.py file, which only checks for relative path traversal, but still allows to read files from absolute locations passed via the config_file_name parameter.

Affected configurations

Vulners
NVD
Node
hap-wiroxy_wiRange6.3.9.0
CPENameOperatorVersion
roxy-wi:roxy-wiroxy-wile6.3.9.0

CNA Affected

[
  {
    "vendor": "hap-wi",
    "product": "roxy-wi",
    "versions": [
      {
        "version": "<= 6.3.9.0",
        "status": "affected"
      }
    ]
  }
]

Social References

More

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

26.5%

Related for CVE-2023-29004