CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Description
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79
CVEs mapped to this weakness (5,488)
page 136 of 275| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-21683 | Med | 0.35 | 6.5 | 0.02 | Oct 6, 2021 | The file browser in Jenkins 2.314 and earlier, LTS 2.303.1 and earlier may interpret some paths to files as absolute on Windows, resulting in a path traversal vulnerability allowing attackers with Overall/Read permission (Windows controller) or Job/Workspace permission (Windows… | ||
| CVE-2021-3806 | Med | 0.35 | 5.3 | 0.01 | Sep 18, 2021 | A path traversal vulnerability on Pardus Software Center's "extractArchive" function could allow anyone on the same network to do a man-in-the-middle and write files on the system. | ||
| CVE-2021-32662 | Med | 0.35 | 6.5 | 0.01 | Jun 3, 2021 | Backstage is an open platform for building developer portals, and techdocs-common contains common functionalities for Backstage's TechDocs. In `@backstage/techdocs-common` versions prior to 0.6.3, a malicious actor could read sensitive files from the environment where TechDocs… | ||
| CVE-2021-28658 | — | Med | 0.35 | 5.3 | 0.04 | Apr 6, 2021 | In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8, MultiPartParser allowed directory traversal via uploaded files with suitably crafted file names. Built-in upload handlers were not affected by this vulnerability. | |
| CVE-2021-22114 | — | Med | 0.35 | 5.3 | 0.01 | Mar 1, 2021 | Addresses partial fix in CVE-2018-1263. Spring-integration-zip, versions prior to 1.0.4, exposes an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive (affects other archives as well, bzip2, tar, xz, war, cpio, 7z), that holds path… | |
| CVE-2020-28348 | — | Med | 0.35 | 6.5 | 0.02 | Nov 24, 2020 | HashiCorp Nomad and Nomad Enterprise 0.9.0 up to 0.12.7 client Docker file sandbox feature may be subverted when not explicitly disabled or when using a volume mount type. Fixed in 0.12.8, 0.11.7, and 0.10.8. | |
| CVE-2020-7762 | — | Med | 0.35 | 6.5 | 0.02 | Nov 5, 2020 | This affects the package jsreport-chrome-pdf before 1.10.0. | |
| CVE-2020-2254 | Med | 0.35 | 6.5 | 0.02 | Sep 16, 2020 | Jenkins Blue Ocean Plugin 1.23.2 and earlier provides an undocumented feature flag that, when enabled, allows an attacker with Job/Configure or Job/Create permission to read arbitrary files on the Jenkins controller file system. | ||
| CVE-2017-18874 | — | Med | 0.35 | 6.5 | 0.01 | Jun 19, 2020 | An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2 when local storage for files is used. A System Admin can achieve directory traversal. | |
| CVE-2020-2139 | Med | 0.35 | 6.5 | 0.02 | Mar 9, 2020 | An arbitrary file write vulnerability in Jenkins Cobertura Plugin 1.15 and earlier allows attackers able to control the coverage report file contents to overwrite any file on the Jenkins master file system. | ||
| CVE-2020-3717 | Med | 0.35 | 5.3 | 0.03 | Jan 29, 2020 | Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a path traversal vulnerability. Successful exploitation could lead to sensitive information disclosure. | ||
| CVE-2019-16540 | Med | 0.35 | 6.5 | 0.02 | Nov 21, 2019 | A path traversal vulnerability in Jenkins Support Core Plugin 2.63 and earlier allows attackers with Overall/Read permission to delete arbitrary files on the Jenkins master. | ||
| CVE-2019-10436 | Med | 0.35 | 6.5 | 0.01 | Oct 16, 2019 | An arbitrary file read vulnerability in Jenkins Google OAuth Credentials Plugin 0.9 and earlier allowed attackers able to configure jobs and credentials in Jenkins to obtain the contents of any file on the Jenkins master. | ||
| CVE-2019-17109 | — | Med | 0.35 | 6.5 | 0.03 | Oct 9, 2019 | Koji through 1.18.0 allows remote Directory Traversal, with resultant Privilege Escalation. | |
| CVE-2019-5480 | — | Med | 0.35 | 5.3 | 0.02 | Sep 3, 2019 | A path traversal vulnerability in <= v0.9.7 of statichttpserver npm module allows attackers to list files in arbitrary folders. | |
| CVE-2019-5447 | — | Med | 0.35 | 5.3 | 0.01 | Jul 15, 2019 | A path traversal vulnerability in <= v0.2.6 of http-file-server npm module allows attackers to list files in arbitrary folders. | |
| CVE-2019-5444 | — | Med | 0.35 | 5.3 | 0.01 | Jul 10, 2019 | Path traversal vulnerability in version up to v1.1.3 in serve-here.js npm module allows attackers to list any file in arbitrary folder. | |
| CVE-2019-5438 | — | Med | 0.35 | 5.3 | 0.01 | May 10, 2019 | Path traversal using symlink in npm harp module versions <= 0.29.0. | |
| CVE-2018-19859 | — | Med | 0.35 | 6.5 | 0.02 | Dec 5, 2018 | OpenRefine before 3.2 beta allows directory traversal via a relative pathname in a ZIP archive. | |
| CVE-2018-16478 | — | Med | 0.35 | 5.3 | 0.01 | Dec 4, 2018 | A Path Traversal in simplehttpserver versions <=0.2.1 allows to list any file in another folder of web root. |
- risk 0.35cvss 6.5epss 0.02
The file browser in Jenkins 2.314 and earlier, LTS 2.303.1 and earlier may interpret some paths to files as absolute on Windows, resulting in a path traversal vulnerability allowing attackers with Overall/Read permission (Windows controller) or Job/Workspace permission (Windows…
- risk 0.35cvss 5.3epss 0.01
A path traversal vulnerability on Pardus Software Center's "extractArchive" function could allow anyone on the same network to do a man-in-the-middle and write files on the system.
- risk 0.35cvss 6.5epss 0.01
Backstage is an open platform for building developer portals, and techdocs-common contains common functionalities for Backstage's TechDocs. In `@backstage/techdocs-common` versions prior to 0.6.3, a malicious actor could read sensitive files from the environment where TechDocs…
- risk 0.35cvss 5.3epss 0.04
In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8, MultiPartParser allowed directory traversal via uploaded files with suitably crafted file names. Built-in upload handlers were not affected by this vulnerability.
- risk 0.35cvss 5.3epss 0.01
Addresses partial fix in CVE-2018-1263. Spring-integration-zip, versions prior to 1.0.4, exposes an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive (affects other archives as well, bzip2, tar, xz, war, cpio, 7z), that holds path…
- risk 0.35cvss 6.5epss 0.02
HashiCorp Nomad and Nomad Enterprise 0.9.0 up to 0.12.7 client Docker file sandbox feature may be subverted when not explicitly disabled or when using a volume mount type. Fixed in 0.12.8, 0.11.7, and 0.10.8.
- risk 0.35cvss 6.5epss 0.02
This affects the package jsreport-chrome-pdf before 1.10.0.
- risk 0.35cvss 6.5epss 0.02
Jenkins Blue Ocean Plugin 1.23.2 and earlier provides an undocumented feature flag that, when enabled, allows an attacker with Job/Configure or Job/Create permission to read arbitrary files on the Jenkins controller file system.
- risk 0.35cvss 6.5epss 0.01
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2 when local storage for files is used. A System Admin can achieve directory traversal.
- risk 0.35cvss 6.5epss 0.02
An arbitrary file write vulnerability in Jenkins Cobertura Plugin 1.15 and earlier allows attackers able to control the coverage report file contents to overwrite any file on the Jenkins master file system.
- risk 0.35cvss 5.3epss 0.03
Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a path traversal vulnerability. Successful exploitation could lead to sensitive information disclosure.
- risk 0.35cvss 6.5epss 0.02
A path traversal vulnerability in Jenkins Support Core Plugin 2.63 and earlier allows attackers with Overall/Read permission to delete arbitrary files on the Jenkins master.
- risk 0.35cvss 6.5epss 0.01
An arbitrary file read vulnerability in Jenkins Google OAuth Credentials Plugin 0.9 and earlier allowed attackers able to configure jobs and credentials in Jenkins to obtain the contents of any file on the Jenkins master.
- risk 0.35cvss 6.5epss 0.03
Koji through 1.18.0 allows remote Directory Traversal, with resultant Privilege Escalation.
- risk 0.35cvss 5.3epss 0.02
A path traversal vulnerability in <= v0.9.7 of statichttpserver npm module allows attackers to list files in arbitrary folders.
- risk 0.35cvss 5.3epss 0.01
A path traversal vulnerability in <= v0.2.6 of http-file-server npm module allows attackers to list files in arbitrary folders.
- risk 0.35cvss 5.3epss 0.01
Path traversal vulnerability in version up to v1.1.3 in serve-here.js npm module allows attackers to list any file in arbitrary folder.
- risk 0.35cvss 5.3epss 0.01
Path traversal using symlink in npm harp module versions <= 0.29.0.
- risk 0.35cvss 6.5epss 0.02
OpenRefine before 3.2 beta allows directory traversal via a relative pathname in a ZIP archive.
- risk 0.35cvss 5.3epss 0.01
A Path Traversal in simplehttpserver versions <=0.2.1 allows to list any file in another folder of web root.