Lucene search
HistoryDec 07, 2023 - 6:15 p.m.
CVE-2023-47440
gladys assistant
v4.27.0
directory traversal
vulnerability
incomplete patch
authenticated attackers
sensitive files
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
0.001 Low
EPSS
Percentile
28.1%
Gladys Assistant v4.27.0 and prior is vulnerable to Directory Traversal. The patch of CVE-2023-43256 was found to be incomplete, allowing authenticated attackers to extract sensitive files in the host machine.
Affected configurations
Node
gladysassistantgladys_assistantRange<4.30.0
Related
osv
osv
Directory Traversal in Gladys Assistant
2023-12-07 18:30:34
CVE-2023-43256
2023-09-25 14:15:10
cvelist
cvelist
CVE-2023-47440
2023-12-07 00:00:00
CVE-2023-43256
2023-09-25 00:00:00
prion
prion
Directory traversal
2023-12-07 18:15:00
Path traversal
2023-09-25 14:15:00
github
github
Directory Traversal in Gladys Assistant
2023-12-07 18:30:34
cve
cve
CVE-2023-47440
2023-12-07 18:15:08
CVE-2023-43256
2023-09-25 14:15:10
nvd
nvd
CVE-2023-43256
2023-09-25 14:15:10
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
0.001 Low
EPSS
Percentile
28.1%
Related for NVD:CVE-2023-47440