Lucene search

[email protected]NVD:CVE-2023-0592

HistoryJan 31, 2023 - 10:15 a.m.

CVE-2023-0592

2023-01-3110:15:10

CWE-22

[email protected]

web.nvd.nist.gov

path traversal

jefferson

jffs2

vulnerability

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

0.001 Low

EPSS

Percentile

20.5%

JSON

A path traversal vulnerability affects jefferson’s JFFS2 filesystem extractor. By crafting malicious JFFS2 files, attackers could force jefferson to write outside of the extraction directory.This issue affects jefferson: before 0.4.1.

Affected configurations

NVD

Node

jefferson_projectjeffersonRange<0.4.1

References

github.com/sviehb/jefferson/commit/971aca1a8b3b9f4fcb4674fa9621d3349195cdc6

onekey.com/blog/security-advisory-remote-command-execution-in-binwalk/

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

0.001 Low

EPSS

Percentile

20.5%

JSON

Related for NVD:CVE-2023-0592

prion1 osv1 cve1 cvelist1