Lucene search

Veracode Vulnerability DatabaseVERACODE:44786

HistoryDec 22, 2023 - 6:03 a.m.

Path Traversal

2023-12-2206:03:25

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

aws

php

path traversal

unauthorized access

6 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

7.2 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.7%

JSON

AWS SDK for PHP is vulnerable to URI Path Traversal. The vulnerability is due to improper handling of the URI path in the buildEndpoint function within RestSerializer.php. This could allow an attacker to potentially manipulate S3 object keys and prefixes to gain unauthorized access to arbitrary S3 objects.

CPENameOperatorVersion
aws/aws-sdk-phple3.288.0
aws/aws-sdk-phple3.288.0

CPE	Name	Operator	Version
	aws/aws-sdk-php	le	3.288.0
	aws/aws-sdk-php	le	3.288.0

References

github.com/aws/aws-sdk-php/commit/aebc9f801438746ac4ade327551576cb75f635f2

github.com/aws/aws-sdk-php/releases/tag/3.288.1

github.com/aws/aws-sdk-php/security/advisories/GHSA-557v-xcg6-rm5m

6 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

7.2 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.7%

JSON

Related for VERACODE:44786