VYPR

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

BaseStableLikelihood: High

Description

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79

CVEs mapped to this weakness (5,488)

page 135 of 275
  • CVE-2023-39525MedAug 7, 2023
    risk 0.35cvss 6.5epss 0.01

    PrestaShop is an open source e-commerce web application. Prior to version 8.1.1, in the back office, files can be compromised using path traversal by replaying the import file deletion query with a specified file path that uses the traversal path. Version 8.1.1 contains a patch…

  • CVE-2023-38695MedAug 4, 2023
    risk 0.35cvss 6.5epss 0.01

    cypress-image-snapshot shows visual regressions in Cypress with jest-image-snapshot. Prior to version 8.0.2, it's possible for a user to pass a relative file path for the snapshot name and reach outside of the project directory into the machine running the test. This issue has…

  • CVE-2023-22887MedJul 12, 2023
    risk 0.35cvss 6.5epss 0.02

    Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to perform unauthorized file access outside the intended directory structure by manipulating the run_id parameter. This vulnerability is considered low since it requires an…

  • CVE-2023-36822MedJul 5, 2023
    risk 0.35cvss 6.5epss 0.01

    Uptime Kuma, a self-hosted monitoring tool, has a path traversal vulnerability in versions prior to 1.22.1. Uptime Kuma allows authenticated users to install plugins from an official list of plugins. This feature is currently disabled in the web interface, but the corresponding…

  • CVE-2023-35840MedJun 19, 2023
    risk 0.35cvss 6.5epss 0.02

    _joinPath in elFinderVolumeLocalFileSystem.class.php in elFinder before 2.1.62 allows path traversal in the PHP LocalVolumeDriver connector.

  • CVE-2023-27562MedMay 10, 2023
    risk 0.35cvss 6.5epss 0.02

    The n8n package 0.218.0 for Node.js allows Directory Traversal.

  • CVE-2023-30855MedMay 8, 2023
    risk 0.35cvss 6.5epss 0.01

    Pimcore is an open source data and experience management platform. Versions of Pimcore prior to 10.5.18 are vulnerable to path traversal. The impact of this path traversal and arbitrary extension is limited to creation of arbitrary files and appending data to existing files.…

  • CVE-2023-2336MedApr 27, 2023
    risk 0.35cvss 6.5epss 0.01

    Path Traversal in GitHub repository pimcore/pimcore prior to 10.5.21.

  • CVE-2022-25937MedFeb 13, 2023
    risk 0.35cvss 6.5epss 0.01

    Versions of the package glance before 3.0.9 are vulnerable to Directory Traversal that allows users to read files outside the public root directory. This is related to but distinct from the vulnerability reported in [CVE-2018-3715](https://security.snyk.io/vuln/npm:glance:2018012…

  • CVE-2022-2712MedJan 27, 2023
    risk 0.35cvss 6.5epss 0.01

    In Eclipse GlassFish versions 5.1.0 to 6.2.5, there is a vulnerability in relative path traversal because it does not filter request path starting with './'. Successful exploitation could allow an remote unauthenticated attacker to access critical data, such as configuration…

  • CVE-2022-26884MedOct 28, 2022
    risk 0.35cvss 6.5epss 0.01

    Users can read any files by log server, Apache DolphinScheduler users should upgrade to version 2.0.6 or higher.

  • CVE-2022-35918MedAug 1, 2022
    risk 0.35cvss 6.5epss 0.01

    Streamlit is a data oriented application development framework for python. Users hosting Streamlit app(s) that use custom components are vulnerable to a directory traversal attack that could leak data from their web server file-system such as: server logs, world readable files,…

  • CVE-2022-36894MedJul 27, 2022
    risk 0.35cvss 6.5epss 0.01

    An arbitrary file write vulnerability in Jenkins CLIF Performance Testing Plugin 64.vc0d66de1dfb_f and earlier allows attackers with Overall/Read permission to create or replace arbitrary files on the Jenkins controller file system with attacker-specified content.

  • CVE-2022-34173MedJun 23, 2022
    risk 0.35cvss 5.4epss 0.01

    In Jenkins 2.340 through 2.355 (both inclusive) the tooltip of the build button in list views supports HTML without escaping the job display name, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.

  • CVE-2022-34172MedJun 23, 2022
    risk 0.35cvss 5.4epss 0.01

    In Jenkins 2.340 through 2.355 (both inclusive) symbol-based icons unescape previously escaped values of 'tooltip' parameters, resulting in a cross-site scripting (XSS) vulnerability.

  • CVE-2022-34171MedJun 23, 2022
    risk 0.35cvss 5.4epss 0.01

    In Jenkins 2.321 through 2.355 (both inclusive) and LTS 2.332.1 through LTS 2.332.3 (both inclusive) the HTML output generated for new symbol-based SVG icons includes the 'title' attribute of 'l:ionicon' (until Jenkins 2.334) and 'alt' attribute of 'l:icon' (since Jenkins 2.335)…

  • CVE-2022-28146MedMar 29, 2022
    risk 0.35cvss 6.5epss 0.02

    Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier allows attackers with Item/Configure permission to read arbitrary files on the Jenkins controller by specifying an input folder on the Jenkins controller as a parameter to its build steps.

  • CVE-2022-0959MedMar 16, 2022
    risk 0.35cvss 6.5epss 0.01

    A malicious, but authorised and authenticated user can construct an HTTP request using their existing CSRF token and session cookie to manually upload files to any location that the operating system user account under which pgAdmin is running has permission to write.

  • CVE-2022-26652MedMar 10, 2022
    risk 0.35cvss 6.5epss 0.02

    NATS nats-server before 2.7.4 allows Directory Traversal (with write access) via an element in a ZIP archive for JetStream streams. nats-streaming-server before 0.24.3 is also affected.

  • CVE-2022-0665MedFeb 22, 2022
    risk 0.35cvss 6.5epss 0.01

    Path Traversal in GitHub repository pimcore/pimcore prior to 10.3.2.