VYPR

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Abstraction: Base · Status: Stable · Likelihood of exploit: High

Description

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79

CVEs mapped to this weakness (5,488)

page 240 of 275
  • CVE-2024-25125 · Feb 14, 2024
    risk 0.00 · cvss n/a · epss 0.30

    Digdag is an open source tool to build, run, schedule, and monitor complex pipelines of tasks across various platforms. Treasure Data's digdag workload automation system is susceptible to a path traversal vulnerability if it's configured to store log files locally. This…

  • CVE-2024-1485 · Feb 13, 2024
    risk 0.00 · cvss n/a · epss 0.01

    A flaw was found in the decompression function of registry-support. This issue can be triggered if an unauthenticated remote attacker tricks a user into parsing a devfile which uses the `parent` or `plugin` keywords. This could download a malicious archive and cause the cleanup…

  • CVE-2024-1163 · Feb 13, 2024
    risk 0.00 · cvss n/a · epss 0.00

    The attacker may exploit a path traversal vulnerability leading to information disclosure.

  • CVE-2024-23833 · Feb 12, 2024
    risk 0.00 · cvss n/a · epss 0.01

    OpenRefine is a free, open source power tool for working with messy data and improving it. A JDBC attack vulnerability exists in OpenRefine (version <= 3.7.7) where an attacker may construct a JDBC query which may read files on the host filesystem. Due to the newer MySQL driver…

  • CVE-2023-23608 · None · Jan 26, 2023
    risk 0.00 · cvss 0.0 · epss 0.01

    Spotipy is a light weight Python library for the Spotify Web API. In versions prior to 2.22.1, if a malicious URI is passed to the library, the library can be tricked into performing an operation on a different API endpoint than intended. The code Spotipy uses to parse URIs and…

  • CVE-2022-36889 · High · Jul 27, 2022
    risk 0.00 · cvss 8.8 · epss 0.01

    Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier does not restrict the application path of the applications when configuring a deployment, allowing attackers with Item/Configure permission to upload arbitrary files from the Jenkins controller file system to the…

  • CVE-2022-25842 · Medium · May 1, 2022
    risk 0.00 · cvss 6.9 · epss 0.04

    All versions of package com.alibaba.oneagent:one-java-agent-plugin are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) using a specially crafted archive that holds directory traversal filenames (e.g. ../../evil.exe). The attacker can overwrite executable…

  • CVE-2021-26601 · High · Mar 28, 2022
    risk 0.00 · cvss 8.1 · epss 0.03

    ImpressCMS before 1.4.3 allows libraries/image-editor/image-edit.php image_temp Directory Traversal.

  • CVE-2021-29134 · Medium · Mar 15, 2022
    risk 0.00 · cvss 5.3 · epss 0.01

    The avatar middleware in Gitea before 1.13.6 allows Directory Traversal via a crafted URL.

  • CVE-2022-0673 · Medium · Feb 18, 2022
    risk 0.00 · cvss 6.5 · epss 0.01

    A flaw was found in LemMinX in versions prior to 0.19.0. Cache poisoning of external schema files due to directory traversal.

  • CVE-2022-22931 · Medium · Feb 7, 2022
    risk 0.00 · cvss 4.3 · epss 0.02

    The fix for CVE-2021-40525 does not prepend delimiters upon valid directory validations. Affected implementations include: - maildir mailbox store - Sieve file repository. This enables a user to access other users' data stores (limited to user names being prefixed by the value of the…

  • CVE-2022-22932 · Medium · Jan 26, 2022
    risk 0.00 · cvss 5.3 · epss 0.03

    Apache Karaf obr:* commands and the run goal of the karaf-maven-plugin have a partial path traversal which allows breaking out of the expected folder. The risk is low as obr:* commands are not widely used and the entry is set by the user. This has been fixed in revision:…

  • CVE-2022-23107 · High · Jan 12, 2022
    risk 0.00 · cvss 8.1 · epss 0.02

    Jenkins Warnings Next Generation Plugin 9.10.2 and earlier does not restrict the name of a file when configuring custom ID, allowing attackers with Item/Configure permission to write and read specific files with a hard-coded suffix on the Jenkins controller file system.

  • CVE-2021-44278 · Critical · Dec 3, 2021
    risk 0.00 · cvss 9.8 · epss 0.01

    Librenms 21.11.0 is affected by a path manipulation vulnerability in includes/html/pages/device/showconfig.inc.php.

  • CVE-2021-38511 · High · Aug 10, 2021
    risk 0.00 · cvss 7.5 · epss 0.01

    An issue was discovered in the tar crate before 0.4.36 for Rust. When symlinks are present in a TAR archive, extraction can create arbitrary directories via .. traversal.

  • CVE-2021-36156 · Medium · Aug 3, 2021
    risk 0.00 · cvss 5.3 · epss 0.01

    An issue was discovered in Grafana Loki through 2.2.1. The header value X-Scope-OrgID is used to construct file paths for rules files, and if crafted to conduct directory traversal, such as a ../../sensitive/path/in/deployment pathname, then Loki will attempt to parse a rules…

  • CVE-2021-30483 · Medium · Jul 30, 2021
    risk 0.00 · cvss 5.3 · epss 0.02

    isomorphic-git before 1.8.2 allows Directory Traversal via a crafted repository.

  • CVE-2021-33497 · Critical · May 24, 2021
    risk 0.00 · cvss 9.1 · epss 0.02

    Dutchcoders transfer.sh before 1.2.4 allows Directory Traversal for deleting files.

  • CVE-2021-20206 · High · Mar 26, 2021
    risk 0.00 · cvss 7.2 · epss 0.02

    An improper limitation of path name flaw was found in containernetworking/cni in versions before 0.8.1. When specifying the plugin to load in the 'type' field in the network configuration, it is possible to use special elements such as "../" separators to reference binaries…

  • CVE-2021-27367 · High · Feb 17, 2021
    risk 0.00 · cvss 7.5 · epss 0.02

    Controller/Backend/FileEditController.php and Controller/Backend/FilemanagerController.php in Bolt before 4.1.13 allow Directory Traversal.