Lucene search

Veracode Vulnerability DatabaseVERACODE:48456

HistoryAug 13, 2024 - 4:05 a.m.

Path Traversal

2024-08-1304:05:02

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

streamlit

path traversal

windows

file sharing

vulnerability

directory access

password hash

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

7.2

Confidence

Low

EPSS

0.001

Percentile

19.7%

JSON

Streamlit is vulnerable to a Path Traversal. The vulnerability is due to improper handling of file paths in the static file sharing feature of Streamlit on Windows systems, which allows an attacker to traverse directories and access the password hash of the Windows user running Streamlit.

References

github.com/advisories/GHSA-rxff-vr5r-8cj5

github.com/streamlit/streamlit/commit/3a639859cfdfba2187c81897d44a3e33825eb0a3

github.com/streamlit/streamlit/security/advisories/GHSA-rxff-vr5r-8cj5

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

7.2

Confidence

Low

EPSS

0.001

Percentile

19.7%

JSON

Related for VERACODE:48456