Vulnerability CVE-2023-47440


Published: 2023-12-07   Modified: 2023-12-14

Description:
Gladys Assistant v4.27.0 and prior is vulnerable to Directory Traversal. The patch of CVE-2023-43256 was found to be incomplete, allowing authenticated attackers to extract sensitive files in the host machine.

Type:

CWE-22

(Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'))

Affected software
Gladysassistant -> Gladys assistant 

 References:
https://github.com/GladysAssistant/Gladys/pull/1918/commits/4f56ba250ff9f46578f1afa6a97e62e74bad83b7
https://blog.moku.fr/cve/
https://blog.moku.fr/cves/CVE-2023-47440/

Copyright 2024, cxsecurity.com

 

Back to Top