47 matches found
Authentication flaw
Arduino Create Agent is a package to help manage Arduino development. This vulnerability affects the endpoint /v2/pkgs/tools/installed and the way it handles plugin names supplied as user input. A user who has the ability to perform HTTP requests to the localhost interface, or is able to bypass t...
CVE-2023-43800 Insufficient Verification of Data Authenticity in Arduino Create Agent
Arduino Create Agent is a package to help manage Arduino development. The vulnerability affects the endpoint /v2/pkgs/tools/installed. A user who has the ability to perform HTTP requests to the localhost interface, or is able to bypass the CORS configuration, can escalate his privileges to those ...
CVE-2023-43800 Insufficient Verification of Data Authenticity in Arduino Create Agent
Arduino Create Agent is a package to help manage Arduino development. The vulnerability affects the endpoint /v2/pkgs/tools/installed. A user who has the ability to perform HTTP requests to the localhost interface, or is able to bypass the CORS configuration, can escalate his privileges to those ...
CVE-2023-43800 Insufficient Verification of Data Authenticity in Arduino Create Agent
Arduino Create Agent is a package to help manage Arduino development. The vulnerability affects the endpoint /v2/pkgs/tools/installed. A user who has the ability to perform HTTP requests to the localhost interface, or is able to bypass the CORS configuration, can escalate his privileges to those ...
CVE-2023-43801 Path traversal in Arduino Create Agent
Arduino Create Agent is a package to help manage Arduino development. This vulnerability affects the endpoint /v2/pkgs/tools/installed and the way it handles plugin names supplied as user input. A user who has the ability to perform HTTP requests to the localhost interface, or is able to bypass t...
CVE-2023-43801 Path traversal in Arduino Create Agent
Arduino Create Agent is a package to help manage Arduino development. This vulnerability affects the endpoint /v2/pkgs/tools/installed and the way it handles plugin names supplied as user input. A user who has the ability to perform HTTP requests to the localhost interface, or is able to bypass t...
CVE-2023-43802 Path traversal in Arduino Create Agent
Arduino Create Agent is a package to help manage Arduino development. This vulnerability affects the endpoint /upload which handles request with the filename parameter. A user who has the ability to perform HTTP requests to the localhost interface, or is able to bypass the CORS configuration, can...
CVE-2023-43802
Arduino Create Agent is affected by a path traversal vulnerability in the /upload endpoint that processes the filename parameter. A user able to issue HTTP requests to the localhost interface or bypass CORS can escalate privileges to the user running the Arduino Create Agent service via a crafted...
CVE-2023-43802 Path traversal in Arduino Create Agent
Arduino Create Agent is a package to help manage Arduino development. This vulnerability affects the endpoint /upload which handles request with the filename parameter. A user who has the ability to perform HTTP requests to the localhost interface, or is able to bypass the CORS configuration, can...
CVE-2023-43802 Path traversal in Arduino Create Agent
Arduino Create Agent is a package to help manage Arduino development. This vulnerability affects the endpoint /upload which handles request with the filename parameter. A user who has the ability to perform HTTP requests to the localhost interface, or is able to bypass the CORS configuration, can...
CVE-2023-43803 Path traversal in Arduino Create Agent
Arduino Create Agent is a package to help manage Arduino development. This vulnerability affects the endpoint /v2/pkgs/tools/installed and the way it handles plugin names supplied as user input. A user who has the ability to perform HTTP requests to the localhost interface, or is able to bypass t...
CVE-2023-43803
CVE-2023-43803 affects Arduino Create Agent. The vulnerability stems from how the endpoint /v2/pkgs/tools/installed handles user-supplied plugin names, enabling path traversal that could allow an attacker with localhost HTTP access or bypassed CORS to delete arbitrary files/folders owned by the A...
CVE-2023-43803 Path traversal in Arduino Create Agent
Arduino Create Agent is a package to help manage Arduino development. This vulnerability affects the endpoint /v2/pkgs/tools/installed and the way it handles plugin names supplied as user input. A user who has the ability to perform HTTP requests to the localhost interface, or is able to bypass t...
CVE-2023-43803
Removed by vendor...
CVE-2023-43803 Path traversal in Arduino Create Agent
Arduino Create Agent is a package to help manage Arduino development. This vulnerability affects the endpoint /v2/pkgs/tools/installed and the way it handles plugin names supplied as user input. A user who has the ability to perform HTTP requests to the localhost interface, or is able to bypass t...
GHSA-75J7-W798-CWWX Arduino Create Agent path traversal - local privilege escalation vulnerability
Impact The vulnerability affects the endpoint /upload which handles request with the filename parameter. A user who has the ability to perform HTTP requests to the localhost interface, or is able to bypass the CORS configuration, can escalate his privileges to those of the user running the Arduin...
Arduino Create Agent path traversal - local privilege escalation vulnerability
Impact The vulnerability affects the endpoint /upload which handles request with the filename parameter. A user who has the ability to perform HTTP requests to the localhost interface, or is able to bypass the CORS configuration, can escalate his privileges to those of the user running the Arduin...
GHSA-MJQ6-PV9C-QPPQ Arduino Create Agent path traversal - arbitrary file deletion vulnerability
Impact The vulnerability affects the endpoint /v2/pkgs/tools/installed and the way it handles plugin names supplied as user input. A user who has the ability to perform HTTP requests to the localhost interface, or is able to bypass the CORS configuration, can delete arbitrary files or folders...
Arduino Create Agent path traversal - arbitrary file deletion vulnerability
Impact The vulnerability affects the endpoint /v2/pkgs/tools/installed and the way it handles plugin names supplied as user input. A user who has the ability to perform HTTP requests to the localhost interface, or is able to bypass the CORS configuration, can delete arbitrary files or folders...
GHSA-4X5Q-Q7WC-Q22P Arduino Create Agent Insufficient Verification of Data Authenticity vulnerability
Impact The vulnerability affects the endpoint /v2/pkgs/tools/installed. A user who has the ability to perform HTTP requests to the localhost interface, or is able to bypass the CORS configuration, can escalate his privileges to those of the user running the Arduino Create Agent service via a...