VYPR

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

BaseStableLikelihood: High

Description

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79

CVEs mapped to this weakness (5,488)

page 106 of 275
  • CVE-2022-29970HigMay 2, 2022
    risk 0.42cvss 7.5epss 0.02

    Sinatra before 2.2.0 does not validate that the expanded path matches public_dir when serving static files.

  • CVE-2022-23457HigApr 25, 2022
    risk 0.42cvss 7.5epss 0.03

    ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library. Prior to version 2.3.0.0, the default implementation of `Validator.getValidDirectoryPath(String, String, File, boolean)` may incorrectly treat the tested input string as a…

  • CVE-2022-24785HigApr 4, 2022
    risk 0.42cvss 7.5epss 0.06

    Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm (server) users of Moment.js between versions 1.0.1 and 2.29.1, especially if a user-provided locale string is directly used to switch…

  • CVE-2022-28157MedMar 29, 2022
    risk 0.42cvss 6.5epss 0.01

    Jenkins Pipeline: Phoenix AutoTest Plugin 1.3 and earlier allows attackers with Item/Configure permission to upload arbitrary files from the Jenkins controller via FTP to an attacker-specified FTP server.

  • CVE-2022-28156MedMar 29, 2022
    risk 0.42cvss 6.5epss 0.02

    Jenkins Pipeline: Phoenix AutoTest Plugin 1.3 and earlier allows attackers with Item/Configure permission to copy arbitrary files and directories from the Jenkins controller to the agent workspace.

  • CVE-2022-28148MedMar 29, 2022
    risk 0.42cvss 6.5epss 0.02

    The file browser in Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier may interpret some paths to files as absolute on Windows, resulting in a path traversal vulnerability allowing attackers with Item/Read permission to obtain the contents of arbitrary files…

  • CVE-2022-27208MedMar 15, 2022
    risk 0.42cvss 6.5epss 0.02

    Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows users with Credentials/Create permission to read arbitrary files on the Jenkins controller.

  • CVE-2022-27203MedMar 15, 2022
    risk 0.42cvss 6.5epss 0.02

    Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier allows attackers with Item/Configure permission to read values from arbitrary JSON and Java properties files on the Jenkins controller.

  • CVE-2022-25511MedMar 11, 2022
    risk 0.42cvss 6.5epss 0.01

    An issue in the ?filename= argument of the route /DataPackageTable in FreeTAKServer-UI v1.9.8 allows attackers to place arbitrary files anywhere on the system.

  • CVE-2022-24683HigFeb 17, 2022
    risk 0.42cvss 7.5epss 0.02

    HashiCorp Nomad and Nomad Enterprise 0.9.2 through 1.0.17, 1.1.11, and 1.2.5 allow operators with read-fs and alloc-exec (or job-submit) capabilities to read arbitrary files on the host filesystem as root.

  • CVE-2022-25178MedFeb 15, 2022
    risk 0.42cvss 6.5epss 0.02

    Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier does not restrict the names of resources passed to the libraryResource step, allowing attackers able to configure Pipelines permission to read arbitrary files on the Jenkins controller file system.

  • CVE-2021-43795HigDec 2, 2021
    risk 0.42cvss 7.5epss 0.02

    Armeria is an open source microservice framework. In affected versions an attacker can access an Armeria server's local file system beyond its restricted directory by sending an HTTP request whose path contains `%2F` (encoded `/`), such as `/files/..%2Fsecrets.txt`, bypassing…

  • CVE-2021-41281HigNov 23, 2021
    risk 0.42cvss 7.5epss 0.02

    Synapse is a package for Matrix homeservers written in Python 3/Twisted. Prior to version 1.47.1, Synapse instances with the media repository enabled can be tricked into downloading a file from a remote server into an arbitrary directory. No authentication is required for the…

  • CVE-2021-3924HigNov 5, 2021
    risk 0.42cvss 7.5epss 0.04

    grav is vulnerable to Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

  • CVE-2021-21698HigNov 4, 2021
    risk 0.42cvss 7.5epss 0.02

    Jenkins Subversion Plugin 2.15.0 and earlier does not restrict the name of a file when looking up a subversion key file on the controller from an agent.

  • CVE-2021-41131HigOct 19, 2021
    risk 0.42cvss 7.5epss 0.01

    python-tuf is a Python reference implementation of The Update Framework (TUF). In both clients (`tuf/client` and `tuf/ngclient`), there is a path traversal vulnerability that in the worst case can overwrite files ending in `.json` anywhere on the client system on a call to…

  • CVE-2021-21501HigAug 10, 2021
    risk 0.42cvss 7.5epss 0.04

    Improper configuration will cause ServiceComb ServiceCenter Directory Traversal problem in ServcieCenter 1.x.x versions and fixed in 2.0.0.

  • CVE-2021-23415HigJul 28, 2021
    risk 0.42cvss 7.5epss 0.02

    This affects the package elFinder.AspNet before 1.1.1. The user-controlled file name is not properly sanitized before it is used to create a file system path.

  • CVE-2021-32769HigJul 16, 2021
    risk 0.42cvss 7.5epss 0.02

    Micronaut is a JVM-based, full stack Java framework designed for building JVM applications. A path traversal vulnerability exists in versions prior to 2.5.9. With a basic configuration, it is possible to access any file from a filesystem, using "/../../" in the URL. This occurs…

  • CVE-2021-23407HigJul 14, 2021
    risk 0.42cvss 7.5epss 0.02

    This affects the package elFinder.Net.Core from 0 and before 1.2.4. The user-controlled file name is not properly sanitized before it is used to create a file system path.