VYPR

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

BaseStableLikelihood: High

Description

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79

CVEs mapped to this weakness (5,488)

page 136 of 275
  • CVE-2021-21683MedOct 6, 2021
    risk 0.35cvss 6.5epss 0.02

    The file browser in Jenkins 2.314 and earlier, LTS 2.303.1 and earlier may interpret some paths to files as absolute on Windows, resulting in a path traversal vulnerability allowing attackers with Overall/Read permission (Windows controller) or Job/Workspace permission (Windows…

  • CVE-2021-3806MedSep 18, 2021
    risk 0.35cvss 5.3epss 0.01

    A path traversal vulnerability on Pardus Software Center's "extractArchive" function could allow anyone on the same network to do a man-in-the-middle and write files on the system.

  • CVE-2021-32662MedJun 3, 2021
    risk 0.35cvss 6.5epss 0.01

    Backstage is an open platform for building developer portals, and techdocs-common contains common functionalities for Backstage's TechDocs. In `@backstage/techdocs-common` versions prior to 0.6.3, a malicious actor could read sensitive files from the environment where TechDocs…

  • CVE-2021-28658MedApr 6, 2021
    risk 0.35cvss 5.3epss 0.04

    In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8, MultiPartParser allowed directory traversal via uploaded files with suitably crafted file names. Built-in upload handlers were not affected by this vulnerability.

  • CVE-2021-22114MedMar 1, 2021
    risk 0.35cvss 5.3epss 0.01

    Addresses partial fix in CVE-2018-1263. Spring-integration-zip, versions prior to 1.0.4, exposes an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive (affects other archives as well, bzip2, tar, xz, war, cpio, 7z), that holds path…

  • CVE-2020-28348MedNov 24, 2020
    risk 0.35cvss 6.5epss 0.02

    HashiCorp Nomad and Nomad Enterprise 0.9.0 up to 0.12.7 client Docker file sandbox feature may be subverted when not explicitly disabled or when using a volume mount type. Fixed in 0.12.8, 0.11.7, and 0.10.8.

  • CVE-2020-7762MedNov 5, 2020
    risk 0.35cvss 6.5epss 0.02

    This affects the package jsreport-chrome-pdf before 1.10.0.

  • CVE-2020-2254MedSep 16, 2020
    risk 0.35cvss 6.5epss 0.02

    Jenkins Blue Ocean Plugin 1.23.2 and earlier provides an undocumented feature flag that, when enabled, allows an attacker with Job/Configure or Job/Create permission to read arbitrary files on the Jenkins controller file system.

  • CVE-2017-18874MedJun 19, 2020
    risk 0.35cvss 6.5epss 0.01

    An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2 when local storage for files is used. A System Admin can achieve directory traversal.

  • CVE-2020-2139MedMar 9, 2020
    risk 0.35cvss 6.5epss 0.02

    An arbitrary file write vulnerability in Jenkins Cobertura Plugin 1.15 and earlier allows attackers able to control the coverage report file contents to overwrite any file on the Jenkins master file system.

  • CVE-2020-3717MedJan 29, 2020
    risk 0.35cvss 5.3epss 0.03

    Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a path traversal vulnerability. Successful exploitation could lead to sensitive information disclosure.

  • CVE-2019-16540MedNov 21, 2019
    risk 0.35cvss 6.5epss 0.02

    A path traversal vulnerability in Jenkins Support Core Plugin 2.63 and earlier allows attackers with Overall/Read permission to delete arbitrary files on the Jenkins master.

  • CVE-2019-10436MedOct 16, 2019
    risk 0.35cvss 6.5epss 0.01

    An arbitrary file read vulnerability in Jenkins Google OAuth Credentials Plugin 0.9 and earlier allowed attackers able to configure jobs and credentials in Jenkins to obtain the contents of any file on the Jenkins master.

  • CVE-2019-17109MedOct 9, 2019
    risk 0.35cvss 6.5epss 0.03

    Koji through 1.18.0 allows remote Directory Traversal, with resultant Privilege Escalation.

  • CVE-2019-5480MedSep 3, 2019
    risk 0.35cvss 5.3epss 0.02

    A path traversal vulnerability in <= v0.9.7 of statichttpserver npm module allows attackers to list files in arbitrary folders.

  • CVE-2019-5447MedJul 15, 2019
    risk 0.35cvss 5.3epss 0.01

    A path traversal vulnerability in <= v0.2.6 of http-file-server npm module allows attackers to list files in arbitrary folders.

  • CVE-2019-5444MedJul 10, 2019
    risk 0.35cvss 5.3epss 0.01

    Path traversal vulnerability in version up to v1.1.3 in serve-here.js npm module allows attackers to list any file in arbitrary folder.

  • CVE-2019-5438MedMay 10, 2019
    risk 0.35cvss 5.3epss 0.01

    Path traversal using symlink in npm harp module versions <= 0.29.0.

  • CVE-2018-19859MedDec 5, 2018
    risk 0.35cvss 6.5epss 0.02

    OpenRefine before 3.2 beta allows directory traversal via a relative pathname in a ZIP archive.

  • CVE-2018-16478MedDec 4, 2018
    risk 0.35cvss 5.3epss 0.01

    A Path Traversal in simplehttpserver versions <=0.2.1 allows to list any file in another folder of web root.