CVE-2023-43802 Path traversal in Arduino Create Agent

Arduino Create Agent is a package to help manage Arduino development. This vulnerability affects the endpoint /upload which handles request with the filename parameter. A user who has the ability to perform HTTP requests to the localhost interface, or is able to bypass the CORS configuration, can...

CVE-2023-43802 Path traversal in Arduino Create Agent

Arduino Create Agent is a package to help manage Arduino development. This vulnerability affects the endpoint /upload which handles request with the filename parameter. A user who has the ability to perform HTTP requests to the localhost interface, or is able to bypass the CORS configuration, can...

CVE-2023-43803 Path traversal in Arduino Create Agent

Arduino Create Agent is a package to help manage Arduino development. This vulnerability affects the endpoint /v2/pkgs/tools/installed and the way it handles plugin names supplied as user input. A user who has the ability to perform HTTP requests to the localhost interface, or is able to bypass t...

CVE-2023-43803

CVE-2023-43803 affects Arduino Create Agent. The vulnerability stems from how the endpoint /v2/pkgs/tools/installed handles user-supplied plugin names, enabling path traversal that could allow an attacker with localhost HTTP access or bypassed CORS to delete arbitrary files/folders owned by the A...

CVE-2023-43803 Path traversal in Arduino Create Agent

Arduino Create Agent is a package to help manage Arduino development. This vulnerability affects the endpoint /v2/pkgs/tools/installed and the way it handles plugin names supplied as user input. A user who has the ability to perform HTTP requests to the localhost interface, or is able to bypass t...

CVE-2023-43803

Removed by vendor...

CVE-2023-43803 Path traversal in Arduino Create Agent

Arduino Create Agent is a package to help manage Arduino development. This vulnerability affects the endpoint /v2/pkgs/tools/installed and the way it handles plugin names supplied as user input. A user who has the ability to perform HTTP requests to the localhost interface, or is able to bypass t...

Arduino Create Agent path traversal - local privilege escalation vulnerability

Impact The vulnerability affects the endpoint /upload which handles request with the filename parameter. A user who has the ability to perform HTTP requests to the localhost interface, or is able to bypass the CORS configuration, can escalate his privileges to those of the user running the Arduin...

GHSA-75J7-W798-CWWX Arduino Create Agent path traversal - local privilege escalation vulnerability

Impact The vulnerability affects the endpoint /upload which handles request with the filename parameter. A user who has the ability to perform HTTP requests to the localhost interface, or is able to bypass the CORS configuration, can escalate his privileges to those of the user running the Arduin...

GHSA-MJQ6-PV9C-QPPQ Arduino Create Agent path traversal - arbitrary file deletion vulnerability

Impact The vulnerability affects the endpoint /v2/pkgs/tools/installed and the way it handles plugin names supplied as user input. A user who has the ability to perform HTTP requests to the localhost interface, or is able to bypass the CORS configuration, can delete arbitrary files or folders...

Arduino Create Agent path traversal - arbitrary file deletion vulnerability

Impact The vulnerability affects the endpoint /v2/pkgs/tools/installed and the way it handles plugin names supplied as user input. A user who has the ability to perform HTTP requests to the localhost interface, or is able to bypass the CORS configuration, can delete arbitrary files or folders...

GHSA-4X5Q-Q7WC-Q22P Arduino Create Agent Insufficient Verification of Data Authenticity vulnerability

Impact The vulnerability affects the endpoint /v2/pkgs/tools/installed. A user who has the ability to perform HTTP requests to the localhost interface, or is able to bypass the CORS configuration, can escalate his privileges to those of the user running the Arduino Create Agent service via a...

Arduino path traversal vulnerability

Arduino is a microcontroller board from the Arduino project. A security vulnerability exists in Arduino Create Agent versions prior to 1.3.2. An attacker can escalate privileges by exploiting this vulnerability...

Arduino path traversal vulnerability

Arduino is a microcontroller board from the Arduino project. A security vulnerability exists in Arduino Create Agent. An attacker can exploit this vulnerability to delete arbitrary files or folders...

PT-2023-28993 · Arduino · Arduino Create Agent

Name of the Vulnerable Software and Affected Versions: Arduino Create Agent versions prior to 1.3.3 Description: The issue affects the endpoint "/v2/pkgs/tools/installed". A user who can perform HTTP requests to the localhost interface, or bypass the CORS configuration, can escalate privileges to...

Arduino path traversal vulnerability

Arduino is a microcontroller board from the Arduino project. A security vulnerability exists in Arduino Create Agent versions prior to 1.3.2, which stems from a security flaw in the /v2/pkgs/tools/installed endpoint. An attacker can exploit this vulnerability by constructing HTTP requests...

PT-2023-28996 · Arduino · Arduino Create Agent

Name of the Vulnerable Software and Affected Versions: Arduino Create Agent versions prior to 1.3.3 Description: The issue affects the endpoint "/v2/pkgs/tools/installed" and the way it handles plugin names supplied as user input. A user who has the ability to perform HTTP requests to the localho...

PT-2023-28995 · Arduino · Arduino Create Agent

Name of the Vulnerable Software and Affected Versions: Arduino Create Agent versions prior to 1.3.3 Description: The issue affects the endpoint "/upload" which handles requests with the filename parameter. A user who has the ability to perform HTTP requests to the localhost interface, or is able ...

PT-2023-28994 · Arduino · Arduino Create Agent

Name of the Vulnerable Software and Affected Versions: Arduino Create Agent versions prior to 1.3.3 Description: This issue affects the endpoint /v2/pkgs/tools/installed and the way it handles plugin names supplied as user input. A user who has the ability to perform HTTP requests to the localhos...

Arduino Data Forgery Issue Vulnerability

Arduino is a microcontroller board from the Arduino project. A security vulnerability exists in Arduino Create Agent versions prior to 1.3.2, which stems from a security hole in the /v2/pkgs/tools/installed endpoint. An attacker can exploit this vulnerability to bypass CORS configuration and...