github.com/arduino/arduino-create-agent is vulnerable to Path Traversal due to inadequate sanitization of the `filename` parameter, allowing attackers to execute HTTP requests and potentially elevate their privileges via the `/upload` interface
Reporter | Title | Published | Views | Family All 8 |
---|---|---|---|---|
Prion | Design/Logic Flaw | 18 Oct 202321:15 | – | prion |
Vulnrichment | CVE-2023-43802 Path traversal in Arduino Create Agent | 18 Oct 202320:39 | – | vulnrichment |
NVD | CVE-2023-43802 | 18 Oct 202321:15 | – | nvd |
CVE | CVE-2023-43802 | 18 Oct 202321:15 | – | cve |
OSV | Arduino Create Agent path traversal - local privilege escalation vulnerability | 18 Oct 202318:21 | – | osv |
OSV | CVE-2023-43802 | 18 Oct 202321:15 | – | osv |
Cvelist | CVE-2023-43802 Path traversal in Arduino Create Agent | 18 Oct 202320:39 | – | cvelist |
Github Security Blog | Arduino Create Agent path traversal - local privilege escalation vulnerability | 18 Oct 202318:21 | – | github |
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo