Lucene search
Veracode Vulnerability DatabaseVERACODE:40354HistoryMay 01, 2023 - 2:49 p.m.
Path Traversal
2023-05-0114:49:16
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
6
jellyfin
path traversal
arbitrary code execution
writedocumentasync
clienteventlogger
EPSS
0.001
Percentile
49.9%
Jellyfin.Controller is vulnerable to Path Traversal. The vulnerability exists in the WriteDocumentAsync function of ClientEventLogger.cs, which allows an attacker to access files outside the expected directory and write malicious files, leading to arbitrary code execution
References
github.com/jellyfin/jellyfin-web/security/advisories/GHSA-89hp-h43h-r5pq
github.com/jellyfin/jellyfin/blob/22d880662283980dec994cd7d35fe269613bfce3/Jellyfin.Api/Controllers/ClientLogController.cs#L44
github.com/jellyfin/jellyfin/commit/82ad2633fdfb1c37a158057c7935f83e1129eda7
github.com/jellyfin/jellyfin/pull/5918
github.com/jellyfin/jellyfin/releases/tag/v10.8.10
github.com/jellyfin/jellyfin/security/advisories/GHSA-9p5f-5x8v-x65m
Related
github
github
Directory traversal + file write causing arbitrary code execution
2023-04-24 22:39:03
cvelist
cvelist
osv
osv
CVE-2023-30627
2023-04-24 21:15:09
Directory traversal + file write causing arbitrary code execution
2023-04-24 22:39:03
CVE-2023-30626
2023-04-24 21:15:09
prion
prion
Directory traversal
2023-04-24 21:15:00
Cross site scripting
2023-04-24 21:15:00
nvd
nvd
CVE-2023-30626
2023-04-24 21:15:09
CVE-2023-30627
2023-04-24 21:15:09
cve
cve
CVE-2023-30627
2023-04-24 21:15:09
CVE-2023-30626
2023-04-24 21:15:09
nessus
nessus
freebsd
freebsd
jellyfin -- Multiple vulnerabilities
2023-04-24 00:00:00