Lucene search

[email protected]NVD:CVE-2023-35844

HistoryJun 19, 2023 - 2:15 a.m.

CVE-2023-35844

2023-06-1902:15:08

CWE-22

[email protected]

web.nvd.nist.gov

lightdash

insecure file endpoints

directory traversal

file extension

cve-2023-35844

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.161 Low

EPSS

Percentile

96.0%

JSON

packages/backend/src/routers in Lightdash before 0.510.3 has insecure file endpoints, e.g., they allow … directory traversal and do not ensure that an intended file extension (.csv or .png) is used.

Affected configurations

NVD

Node

lightdashlightdashRange<0.510.3

References

advisory.dw1.io/59

github.com/lightdash/lightdash/commit/fcc808c84c2cc3afb343063e32a49440d32a553c

github.com/lightdash/lightdash/compare/0.510.2...0.510.3

github.com/lightdash/lightdash/pull/5090

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.161 Low

EPSS

Percentile

96.0%

JSON

Related for NVD:CVE-2023-35844

cve1 nuclei1 cvelist1 osv1 githubexploit1 prion1