Lucene search

ONEKEYCVELIST:CVE-2023-0592

HistoryJan 31, 2023 - 9:25 a.m.

CVE-2023-0592 Path traversal in jefferson

2023-01-3109:25:10

CWE-22

ONEKEY

www.cve.org

path traversal

jefferson

jffs2

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

0.001 Low

EPSS

Percentile

20.5%

JSON

A path traversal vulnerability affects jefferson’s JFFS2 filesystem extractor. By crafting malicious JFFS2 files, attackers could force jefferson to write outside of the extraction directory.This issue affects jefferson: before 0.4.1.

CNA Affected

[
  {
    "collectionURL": "https://github.com/sviehb/jefferson",
    "defaultStatus": "unaffected",
    "modules": [
      "jefferson"
    ],
    "packageName": "jefferson",
    "product": "jefferson",
    "repo": "https://github.com/sviehb/jefferson",
    "vendor": "sviehb",
    "versions": [
      {
        "lessThan": "0.4.1",
        "status": "affected",
        "version": "0",
        "versionType": "0.4.1"
      }
    ]
  }
]

References

github.com/sviehb/jefferson/commit/971aca1a8b3b9f4fcb4674fa9621d3349195cdc6

onekey.com/blog/security-advisory-remote-command-execution-in-binwalk/

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

0.001 Low

EPSS

Percentile

20.5%

JSON

Related for CVELIST:CVE-2023-0592