Podatność CVE-2023-46307


Publikacja: 2023-12-07   Modyfikacja: 2023-12-14

Opis:
An issue was discovered in server.js in etcd-browser 87ae63d75260. By supplying a /../../../ Directory Traversal input to the URL's GET request while connecting to the remote server port specified during setup, an attacker can retrieve local operating system files from the remote system.

Typ:

CWE-22

(Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'))

Affected software
Buddho -> Etcd browser 

 Referencje:
https://hub.docker.com/r/buddho/etcd-browser
https://hub.docker.com/r/buddho/etcd-browser/tags
http://seclists.org/fulldisclosure/2023/Nov/9
http://seclists.org/fulldisclosure/2023/Nov/11

Copyright 2024, cxsecurity.com

 

Back to Top