VYPR

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

BaseStableLikelihood: High

Description

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79

CVEs mapped to this weakness (5,488)

page 157 of 275
  • CVE-2023-41930MedSep 6, 2023
    risk 0.28cvss 4.3epss 0.01

    Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and earlier does not restrict the 'name' query parameter when rendering a history entry, allowing attackers to have Jenkins render a manipulated configuration history that was not created by the plugin.

  • CVE-2023-24455MedJan 26, 2023
    risk 0.28cvss 4.3epss 0.01

    Jenkins visualexpert Plugin 1.3 and earlier does not restrict the names of files in methods implementing form validation, allowing attackers with Item/Configure permission to check for the existence of an attacker-specified file path on the Jenkins controller file system.

  • CVE-2023-24449MedJan 26, 2023
    risk 0.28cvss 4.3epss 0.01

    Jenkins PWauth Security Realm Plugin 0.4 and earlier does not restrict the names of files in methods implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system.

  • CVE-2022-4572MedDec 17, 2022
    risk 0.28cvss 5.4epss 0.01

    A vulnerability, which was classified as problematic, has been found in UBI Reader up to 0.8.0. Affected by this issue is the function ubireader_extract_files of the file ubireader/ubifs/output.py of the component UBIFS File Handler. The manipulation leads to path traversal. The…

  • CVE-2020-24855MedDec 15, 2022
    risk 0.28cvss 5.3epss 0.01

    Directory Traversal vulnerability in easywebpack-cli before 4.5.2 allows attackers to obtain sensitive information via crafted GET request.

  • CVE-2020-36565MedDec 7, 2022
    risk 0.28cvss 5.3epss 0.01

    Due to improper sanitization of user input on Windows, the static file handler allows for directory traversal, allowing an attacker to read files outside of the target directory that the server has permission to read.

  • CVE-2022-3361MedNov 29, 2022
    risk 0.28cvss 4.3epss 0.02

    The Ultimate Member plugin for WordPress is vulnerable to directory traversal in versions up to, and including 2.5.0 due to insufficient input validation on the 'template' attribute used in shortcodes. This makes it possible for attackers with administrative privileges to supply…

  • CVE-2022-26049MedSep 11, 2022
    risk 0.28cvss 5.3epss 0.02

    This affects the package com.diffplug.gradle:goomph before 3.37.2. It allows a malicious zip file to potentially break out of the expected destination directory, writing contents into arbitrary locations on the file system. Overwriting certain files/directories could allow an…

  • CVE-2022-36890MedJul 27, 2022
    risk 0.28cvss 4.3epss 0.01

    Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier does not restrict the name of files in methods implementing form validation, allowing attackers with Item/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file…

  • CVE-2022-34170MedJun 23, 2022
    risk 0.28cvss 5.4epss 0.01

    In Jenkins 2.320 through 2.355 (both inclusive) and LTS 2.332.1 through LTS 2.332.3 (both inclusive) the help icon does not escape the feature name that is part of its tooltip, effectively undoing the fix for SECURITY-1955, resulting in a cross-site scripting (XSS) vulnerability…

  • CVE-2022-30949MedMay 17, 2022
    risk 0.28cvss 5.3epss 0.01

    Jenkins REPO Plugin 1.14.0 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs, obtaining limited information about other projects' SCM contents.

  • CVE-2021-45452MedJan 5, 2022
    risk 0.28cvss 5.3epss 0.02

    Storage.save in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1 allows directory traversal if crafted filenames are directly passed to it.

  • CVE-2021-43788MedNov 29, 2021
    risk 0.28cvss 5.0epss 0.26

    Nodebb is an open source Node.js based forum software. Prior to v1.18.5, a path traversal vulnerability was present that allowed users to access JSON files outside of the expected `languages/` directory. The vulnerability has been patched as of v1.18.5. Users are advised to…

  • CVE-2021-32061MedNov 29, 2021
    risk 0.28cvss 5.3epss 0.02

    S3Scanner before 2.0.2 allows Directory Traversal via a crafted bucket, as demonstrated by a ../ substring in a ListBucketResult element.

  • CVE-2021-36157MedAug 3, 2021
    risk 0.28cvss 5.3epss 0.01

    An issue was discovered in Grafana Cortex through 1.9.0. The header value X-Scope-OrgID is used to construct file paths for rules files, and if crafted to conduct directory traversal such as ae ../../sensitive/path/in/deployment pathname, then Cortex will attempt to parse a…

  • CVE-2021-28584MedJun 28, 2021
    risk 0.28cvss 5.4epss 0.02

    Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6-p1 (and earlier) are affected by a Path Traversal vulnerability when creating a store with child theme.Successful exploitation could lead to arbitrary file system write by an authenticated attacker. Access to…

  • CVE-2021-3281MedFeb 2, 2021
    risk 0.28cvss 5.3epss 0.08

    In Django 2.2 before 2.2.18, 3.0 before 3.0.12, and 3.1 before 3.1.6, the django.utils.archive.extract method (used by "startapp --template" and "startproject --template") allows directory traversal via an archive with absolute paths or relative paths with dot segments.

  • CVE-2020-35460MedDec 14, 2020
    risk 0.28cvss 5.3epss 0.02

    common/InputStreamHelper.java in Packwood MPXJ before 8.3.5 allows directory traversal in the zip stream handler flow, leading to the writing of files to arbitrary locations.

  • CVE-2020-7790MedDec 11, 2020
    risk 0.28cvss 5.3epss 0.01

    This affects the package spatie/browsershot from 0.0.0. By specifying a URL in the file:// protocol an attacker is able to include arbitrary files in the resultant PDF.

  • CVE-2020-7651MedMay 29, 2020
    risk 0.28cvss 4.3epss 0.01

    All versions of snyk-broker before 4.79.0 are vulnerable to Arbitrary File Read. It allows partial file reads for users who have access to Snyk's internal network via patch history from GitHub Commits API.