Veracode Vulnerability Database: VERACODE:48484
History: Aug 16, 2024 - 9:24 a.m.

Path Traversal

2024-08-16 09:24:31
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
Tags: path traversal, vulnerability, validation, sanitization, archive unpacking, attackers, malicious archives, directory write

CVSS3: 5.8

Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: HIGH
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: NONE

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N

AI Score: 6.6
Confidence: Low

github.com/hashicorp/nomad is vulnerable to path traversal. The vulnerability exists because archive contents are not properly validated or sanitized during unpacking, which allows attackers to craft malicious archives that write files outside the intended allocation directory.
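
As an added illustration (not Nomad's code and not taken from the advisory), this is the kind of check whose absence the description refers to: resolve every tar entry name, and every symlink target, against the destination directory and flag anything that lands outside it. The names `Escaping`, `within` and `SampleArchive`, the sample entries and the `/tmp/alloc-dir` path are constructed for this example.

```go
package main

import (
	"archive/tar"
	"bytes"
	"fmt"
	"io"
	"path/filepath"
	"strings"
)

func within(root, target string) bool { // true if target, once cleaned, stays inside root
	rel, err := filepath.Rel(root, target)
	return err == nil && rel != ".." && !strings.HasPrefix(rel, ".."+string(filepath.Separator))
}

// Escaping (constructed helper) lists the entries that would land outside dest.
func Escaping(r io.Reader, dest string) (bad []string, err error) {
	tr := tar.NewReader(r)
	for h, e := tr.Next(); e != io.EOF; h, e = tr.Next() {
		if e != nil && e != tar.ErrInsecurePath { // header is still returned in that case
			return bad, e
		}
		target := filepath.Join(dest, h.Name) // Join also cleans "../" segments
		link := h.Linkname
		if h.Typeflag != tar.TypeSymlink {
			link = target // non-links have no second path to check
		} else if !filepath.IsAbs(link) { // relative targets resolve from the link's directory
			link = filepath.Join(filepath.Dir(target), link)
		}
		if !within(dest, target) || !within(dest, link) {
			bad = append(bad, h.Name)
		}
	}
	return bad, nil
}

// SampleArchive builds a constructed in-memory tar; nothing is written to disk.
func SampleArchive() io.Reader {
	buf := new(bytes.Buffer)
	tw := tar.NewWriter(buf)
	for _, h := range []tar.Header{{Name: "local/app.conf"}, {Name: "alloc/../data/ok.txt"},
		{Name: "../../etc/cron.d/job"}, {Name: "secrets/link", Typeflag: tar.TypeSymlink, Linkname: "../../outside"}} {
		tw.WriteHeader(&h)
	}
	tw.Close()
	return buf
}

func main() { fmt.Println(Escaping(SampleArchive(), "/tmp/alloc-dir")) }
```

An extractor using such a check would refuse the whole archive when the returned list is non-empty. Comparing with `filepath.Rel` rather than a string prefix also keeps a sibling directory such as `/tmp/alloc-dir-evil` from being treated as inside `/tmp/alloc-dir`.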