Lucene search

GoogleOSV:CVE-2023-25804

HistoryMar 15, 2023 - 6:15 p.m.

CVE-2023-25804

2023-03-1518:15:10

Google

osv.dev

cve-2023-25804

path traversal vulnerability

ssh key

fixed in 6.3.5.0

roxy-wi software

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

30.6%

JSON

Roxy-WI is a Web interface for managing Haproxy, Nginx, Apache, and Keepalived servers. Versions prior to 6.3.5.0 have a limited path traversal vulnerability. An SSH key can be saved into an unintended location, for example the /tmp folder using a payload ../../../../../tmp/test111_dev. This issue has been fixed in version 6.3.5.0.

CPENameOperatorVersion
roxy-wieq5.2.4.0
roxy-wieq6.1.2.0
roxy-wieq1.6
roxy-wieq5.2.3.0
roxy-wieq5.5.0.0
roxy-wieq1.4
roxy-wieq5.4.0.0
roxy-wieq1.10.1
roxy-wieq5.1.4.0
roxy-wieq1.10.2

Name	Operator	Version
roxy-wi	eq	5.2.4.0
roxy-wi	eq	6.1.2.0
roxy-wi	eq	1.6
roxy-wi	eq	5.2.3.0
roxy-wi	eq	5.5.0.0
roxy-wi	eq	1.4
roxy-wi	eq	5.4.0.0
roxy-wi	eq	1.10.1
roxy-wi	eq	5.1.4.0
roxy-wi	eq	1.10.2

Rows per page:

1-10 of 601

References

github.com/hap-wi/roxy-wi/security/advisories/GHSA-69j6-crq8-rrhv

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

30.6%

JSON

Related for OSV:CVE-2023-25804