Lucene search

GitHub Advisory DatabaseGHSA-C79F-PQGF-FHP3

HistoryDec 07, 2023 - 6:30 p.m.

Directory Traversal in Gladys Assistant

2023-12-0718:30:34

CWE-22

GitHub Advisory Database

github.com

gladys assistant

directory traversal

cve-2023-43256

incomplete patch

attackers

sensitive files

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

28.1%

JSON

Gladys Assistant v4.27.0 and prior is vulnerable to Directory Traversal. The patch of CVE-2023-43256 was found to be incomplete, allowing authenticated attackers to extract sensitive files in the host machine.

Affected configurations

Vulners

Node

gladysassistantgladys_assistantRange≤4.27.0

CPENameOperatorVersion
gladysle4.27.0

CPE	Name	Operator	Version
	gladys	le	4.27.0

References

blog.moku.fr/cve/

blog.moku.fr/cves/CVE-2023-47440/

github.com/advisories/GHSA-c79f-pqgf-fhp3

github.com/GladysAssistant/Gladys/pull/1918/commits/4f56ba250ff9f46578f1afa6a97e62e74bad83b7

nvd.nist.gov/vuln/detail/CVE-2023-47440

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

28.1%

JSON

Related for GHSA-C79F-PQGF-FHP3