2 matches found
Directory traversal
The ACME-challenge endpoint in Appwrite 0.5.0 through 0.12.x before 0.12.2 allows remote attackers to read arbitrary local files via ../ directory traversal. In order to be vulnerable, APPSTORAGECERTIFICATES/.well-known/acme-challenge must exist on disk. This pathname is automatically created if...
CVE-2022-25377
Summary : Multiple sources (Red Hat, Veracode, OSV, GHSA, NVD mirrors) confirm a directory-traversal flaw in Appwrite’s ACME-challenge endpoint. Affected versions : Appwrite 0.5.0 through 0.12.x before 0.12.2. The vulnerability requires the path APP_STORAGE_CERTIFICATES/.well-known/acme-challenge...