Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
githubGitHub Advisory DatabaseGHSA-32QH-8VG6-9G43
HistoryDec 28, 2022 - 12:30 a.m.

Cloud Foundry Archiver vulnerable to path traversal

2022-12-2800:30:23
CWE-22
GitHub Advisory Database
github.com
12
cloud foundry
archiver
path traversal
vulnerability
improper path sanitation
relative file paths
file manipulation

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

EPSS

0.001

Percentile

46.6%

JSON

Due to improper path santization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory.

Affected configurations

Vulners
Node
code.cloudfoundry.orgarchiverRange<0.0.0-20180523222229-09b5706aa936
OR
cloudfoundryarchiverRange<0.0.0-20180523222229-09b5706aa936
VendorProductVersionCPE
code.cloudfoundry.orgarchiver*cpe:2.3:a:code.cloudfoundry.org:archiver:*:*:*:*:*:*:*:*
cloudfoundryarchiver*cpe:2.3:a:cloudfoundry:archiver:*:*:*:*:*:*:*:*

Related

gitlab 2
osv 3
redhatcve 1
prion 1
veracode 1
cvelist 1
nvd 1
cve 1
gitlab
gitlab
Cloud Foundry Archiver vulnerable to path traversal
2022-12-28 00:00:00
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
2022-12-28 00:00:00
osv
osv
Cloud Foundry Archiver vulnerable to path traversal
2022-12-28 00:30:23
CVE-2018-25046
2022-12-27 22:15:11
Path traversal in code.cloudfoundry.org/archiver
2021-04-14 20:04:52
redhatcve
redhatcve
CVE-2018-25046
2023-01-03 08:04:51
prion
prion
Input validation
2022-12-27 22:15:00
veracode
veracode
Improper Path Sanitisation
2023-07-25 10:48:50
cvelist
cvelist
CVE-2018-25046 Path traversal in code.cloudfoundry.org/archiver
2022-12-27 21:13:15
nvd
nvd
CVE-2018-25046
2022-12-27 22:15:11
cve
cve
CVE-2018-25046
2022-12-27 22:15:11

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

EPSS

0.001

Percentile

46.6%

JSON
Related for GHSA-32QH-8VG6-9G43
gitlab2osv3redhatcve1prion1veracode1cvelist1nvd1cve1