CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Description
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79
CVEs mapped to this weakness (5,488)
page 135 of 275| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-39525 | Med | 0.35 | 6.5 | 0.01 | Aug 7, 2023 | PrestaShop is an open source e-commerce web application. Prior to version 8.1.1, in the back office, files can be compromised using path traversal by replaying the import file deletion query with a specified file path that uses the traversal path. Version 8.1.1 contains a patch… | ||
| CVE-2023-38695 | Med | 0.35 | 6.5 | 0.01 | Aug 4, 2023 | cypress-image-snapshot shows visual regressions in Cypress with jest-image-snapshot. Prior to version 8.0.2, it's possible for a user to pass a relative file path for the snapshot name and reach outside of the project directory into the machine running the test. This issue has… | ||
| CVE-2023-22887 | Med | 0.35 | 6.5 | 0.02 | Jul 12, 2023 | Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to perform unauthorized file access outside the intended directory structure by manipulating the run_id parameter. This vulnerability is considered low since it requires an… | ||
| CVE-2023-36822 | Med | 0.35 | 6.5 | 0.01 | Jul 5, 2023 | Uptime Kuma, a self-hosted monitoring tool, has a path traversal vulnerability in versions prior to 1.22.1. Uptime Kuma allows authenticated users to install plugins from an official list of plugins. This feature is currently disabled in the web interface, but the corresponding… | ||
| CVE-2023-35840 | — | Med | 0.35 | 6.5 | 0.02 | Jun 19, 2023 | _joinPath in elFinderVolumeLocalFileSystem.class.php in elFinder before 2.1.62 allows path traversal in the PHP LocalVolumeDriver connector. | |
| CVE-2023-27562 | — | Med | 0.35 | 6.5 | 0.02 | May 10, 2023 | The n8n package 0.218.0 for Node.js allows Directory Traversal. | |
| CVE-2023-30855 | Med | 0.35 | 6.5 | 0.01 | May 8, 2023 | Pimcore is an open source data and experience management platform. Versions of Pimcore prior to 10.5.18 are vulnerable to path traversal. The impact of this path traversal and arbitrary extension is limited to creation of arbitrary files and appending data to existing files.… | ||
| CVE-2023-2336 | Med | 0.35 | 6.5 | 0.01 | Apr 27, 2023 | Path Traversal in GitHub repository pimcore/pimcore prior to 10.5.21. | ||
| CVE-2022-25937 | — | Med | 0.35 | 6.5 | 0.01 | Feb 13, 2023 | Versions of the package glance before 3.0.9 are vulnerable to Directory Traversal that allows users to read files outside the public root directory. This is related to but distinct from the vulnerability reported in [CVE-2018-3715](https://security.snyk.io/vuln/npm:glance:2018012… | |
| CVE-2022-2712 | Med | 0.35 | 6.5 | 0.01 | Jan 27, 2023 | In Eclipse GlassFish versions 5.1.0 to 6.2.5, there is a vulnerability in relative path traversal because it does not filter request path starting with './'. Successful exploitation could allow an remote unauthenticated attacker to access critical data, such as configuration… | ||
| CVE-2022-26884 | Med | 0.35 | 6.5 | 0.01 | Oct 28, 2022 | Users can read any files by log server, Apache DolphinScheduler users should upgrade to version 2.0.6 or higher. | ||
| CVE-2022-35918 | — | Med | 0.35 | 6.5 | 0.01 | Aug 1, 2022 | Streamlit is a data oriented application development framework for python. Users hosting Streamlit app(s) that use custom components are vulnerable to a directory traversal attack that could leak data from their web server file-system such as: server logs, world readable files,… | |
| CVE-2022-36894 | — | Med | 0.35 | 6.5 | 0.01 | Jul 27, 2022 | An arbitrary file write vulnerability in Jenkins CLIF Performance Testing Plugin 64.vc0d66de1dfb_f and earlier allows attackers with Overall/Read permission to create or replace arbitrary files on the Jenkins controller file system with attacker-specified content. | |
| CVE-2022-34173 | Med | 0.35 | 5.4 | 0.01 | Jun 23, 2022 | In Jenkins 2.340 through 2.355 (both inclusive) the tooltip of the build button in list views supports HTML without escaping the job display name, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | ||
| CVE-2022-34172 | Med | 0.35 | 5.4 | 0.01 | Jun 23, 2022 | In Jenkins 2.340 through 2.355 (both inclusive) symbol-based icons unescape previously escaped values of 'tooltip' parameters, resulting in a cross-site scripting (XSS) vulnerability. | ||
| CVE-2022-34171 | Med | 0.35 | 5.4 | 0.01 | Jun 23, 2022 | In Jenkins 2.321 through 2.355 (both inclusive) and LTS 2.332.1 through LTS 2.332.3 (both inclusive) the HTML output generated for new symbol-based SVG icons includes the 'title' attribute of 'l:ionicon' (until Jenkins 2.334) and 'alt' attribute of 'l:icon' (since Jenkins 2.335)… | ||
| CVE-2022-28146 | — | Med | 0.35 | 6.5 | 0.02 | Mar 29, 2022 | Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier allows attackers with Item/Configure permission to read arbitrary files on the Jenkins controller by specifying an input folder on the Jenkins controller as a parameter to its build steps. | |
| CVE-2022-0959 | — | Med | 0.35 | 6.5 | 0.01 | Mar 16, 2022 | A malicious, but authorised and authenticated user can construct an HTTP request using their existing CSRF token and session cookie to manually upload files to any location that the operating system user account under which pgAdmin is running has permission to write. | |
| CVE-2022-26652 | — | Med | 0.35 | 6.5 | 0.02 | Mar 10, 2022 | NATS nats-server before 2.7.4 allows Directory Traversal (with write access) via an element in a ZIP archive for JetStream streams. nats-streaming-server before 0.24.3 is also affected. | |
| CVE-2022-0665 | Med | 0.35 | 6.5 | 0.01 | Feb 22, 2022 | Path Traversal in GitHub repository pimcore/pimcore prior to 10.3.2. |
- risk 0.35cvss 6.5epss 0.01
PrestaShop is an open source e-commerce web application. Prior to version 8.1.1, in the back office, files can be compromised using path traversal by replaying the import file deletion query with a specified file path that uses the traversal path. Version 8.1.1 contains a patch…
- risk 0.35cvss 6.5epss 0.01
cypress-image-snapshot shows visual regressions in Cypress with jest-image-snapshot. Prior to version 8.0.2, it's possible for a user to pass a relative file path for the snapshot name and reach outside of the project directory into the machine running the test. This issue has…
- risk 0.35cvss 6.5epss 0.02
Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to perform unauthorized file access outside the intended directory structure by manipulating the run_id parameter. This vulnerability is considered low since it requires an…
- risk 0.35cvss 6.5epss 0.01
Uptime Kuma, a self-hosted monitoring tool, has a path traversal vulnerability in versions prior to 1.22.1. Uptime Kuma allows authenticated users to install plugins from an official list of plugins. This feature is currently disabled in the web interface, but the corresponding…
- risk 0.35cvss 6.5epss 0.02
_joinPath in elFinderVolumeLocalFileSystem.class.php in elFinder before 2.1.62 allows path traversal in the PHP LocalVolumeDriver connector.
- risk 0.35cvss 6.5epss 0.02
The n8n package 0.218.0 for Node.js allows Directory Traversal.
- risk 0.35cvss 6.5epss 0.01
Pimcore is an open source data and experience management platform. Versions of Pimcore prior to 10.5.18 are vulnerable to path traversal. The impact of this path traversal and arbitrary extension is limited to creation of arbitrary files and appending data to existing files.…
- risk 0.35cvss 6.5epss 0.01
Path Traversal in GitHub repository pimcore/pimcore prior to 10.5.21.
- risk 0.35cvss 6.5epss 0.01
Versions of the package glance before 3.0.9 are vulnerable to Directory Traversal that allows users to read files outside the public root directory. This is related to but distinct from the vulnerability reported in [CVE-2018-3715](https://security.snyk.io/vuln/npm:glance:2018012…
- risk 0.35cvss 6.5epss 0.01
In Eclipse GlassFish versions 5.1.0 to 6.2.5, there is a vulnerability in relative path traversal because it does not filter request path starting with './'. Successful exploitation could allow an remote unauthenticated attacker to access critical data, such as configuration…
- risk 0.35cvss 6.5epss 0.01
Users can read any files by log server, Apache DolphinScheduler users should upgrade to version 2.0.6 or higher.
- risk 0.35cvss 6.5epss 0.01
Streamlit is a data oriented application development framework for python. Users hosting Streamlit app(s) that use custom components are vulnerable to a directory traversal attack that could leak data from their web server file-system such as: server logs, world readable files,…
- risk 0.35cvss 6.5epss 0.01
An arbitrary file write vulnerability in Jenkins CLIF Performance Testing Plugin 64.vc0d66de1dfb_f and earlier allows attackers with Overall/Read permission to create or replace arbitrary files on the Jenkins controller file system with attacker-specified content.
- risk 0.35cvss 5.4epss 0.01
In Jenkins 2.340 through 2.355 (both inclusive) the tooltip of the build button in list views supports HTML without escaping the job display name, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.
- risk 0.35cvss 5.4epss 0.01
In Jenkins 2.340 through 2.355 (both inclusive) symbol-based icons unescape previously escaped values of 'tooltip' parameters, resulting in a cross-site scripting (XSS) vulnerability.
- risk 0.35cvss 5.4epss 0.01
In Jenkins 2.321 through 2.355 (both inclusive) and LTS 2.332.1 through LTS 2.332.3 (both inclusive) the HTML output generated for new symbol-based SVG icons includes the 'title' attribute of 'l:ionicon' (until Jenkins 2.334) and 'alt' attribute of 'l:icon' (since Jenkins 2.335)…
- risk 0.35cvss 6.5epss 0.02
Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier allows attackers with Item/Configure permission to read arbitrary files on the Jenkins controller by specifying an input folder on the Jenkins controller as a parameter to its build steps.
- risk 0.35cvss 6.5epss 0.01
A malicious, but authorised and authenticated user can construct an HTTP request using their existing CSRF token and session cookie to manually upload files to any location that the operating system user account under which pgAdmin is running has permission to write.
- risk 0.35cvss 6.5epss 0.02
NATS nats-server before 2.7.4 allows Directory Traversal (with write access) via an element in a ZIP archive for JetStream streams. nats-streaming-server before 0.24.3 is also affected.
- risk 0.35cvss 6.5epss 0.01
Path Traversal in GitHub repository pimcore/pimcore prior to 10.3.2.