CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Percentile: 93.9%
nocodb is vulnerable to Directory Traversal. The vulnerability exists in the fileRead function in attachments.controller.ts and attachment.ctl.ts, which allows an attacker to fetch arbitrary files from the server by manipulating the path parameter of the /download route, exposing configuration files, source code, and other sensitive information.
advisory.dw1.io/60
github.com/nocodb/nocodb/blob/0.109.2/packages/nocodb/src/controllers/attachments.controller.ts#L55-L66
github.com/nocodb/nocodb/blob/6decfa2b20c28db9946bddce0bcb1442b683ecae/packages/nocodb/src/lib/controllers/attachment.ctl.ts#L62-L74
github.com/nocodb/nocodb/blob/f7ee7e3beb91d313a159895d1edc1aba9d91b0bc/packages/nocodb/src/controllers/attachments.controller.ts#L55-L66
github.com/nocodb/nocodb/commit/899bb27f01071d99ad35a7a24c1522dafd76e404
github.com/nocodb/nocodb/pull/6102