CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Description
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79
CVEs mapped to this weakness (5,488)
page 240 of 275| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-25125 | 0.00 | — | 0.30 | Feb 14, 2024 | Digdag is an open source tool that to build, run, schedule, and monitor complex pipelines of tasks across various platforms. Treasure Data's digdag workload automation system is susceptible to a path traversal vulnerability if it's configured to store log files locally. This… | |||
| CVE-2024-1485 | 0.00 | — | 0.01 | Feb 13, 2024 | A flaw was found in the decompression function of registry-support. This issue can be triggered if an unauthenticated remote attacker tricks a user into parsing a devfile which uses the `parent` or `plugin` keywords. This could download a malicious archive and cause the cleanup… | |||
| CVE-2024-1163 | — | 0.00 | — | 0.00 | Feb 13, 2024 | The attacker may exploit a path traversal vulnerability leading to information disclosure. | ||
| CVE-2024-23833 | 0.00 | — | 0.01 | Feb 12, 2024 | OpenRefine is a free, open source power tool for working with messy data and improving it. A jdbc attack vulnerability exists in OpenRefine(version<=3.7.7) where an attacker may construct a JDBC query which may read files on the host filesystem. Due to the newer MySQL driver… | |||
| CVE-2023-23608 | Non | 0.00 | 0.0 | 0.01 | Jan 26, 2023 | Spotipy is a light weight Python library for the Spotify Web API. In versions prior to 2.22.1, if a malicious URI is passed to the library, the library can be tricked into performing an operation on a different API endpoint than intended. The code Spotipy uses to parse URIs and… | ||
| CVE-2022-36889 | Hig | 0.00 | 8.8 | 0.01 | Jul 27, 2022 | Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier does not restrict the application path of the applications when configuring a deployment, allowing attackers with Item/Configure permission to upload arbitrary files from the Jenkins controller file system to the… | ||
| CVE-2022-25842 | — | Med | 0.00 | 6.9 | 0.04 | May 1, 2022 | All versions of package com.alibaba.oneagent:one-java-agent-plugin are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) using a specially crafted archive that holds directory traversal filenames (e.g. ../../evil.exe). The attacker can overwrite executable… | |
| CVE-2021-26601 | Hig | 0.00 | 8.1 | 0.03 | Mar 28, 2022 | ImpressCMS before 1.4.3 allows libraries/image-editor/image-edit.php image_temp Directory Traversal. | ||
| CVE-2021-29134 | Med | 0.00 | 5.3 | 0.01 | Mar 15, 2022 | The avatar middleware in Gitea before 1.13.6 allows Directory Traversal via a crafted URL. | ||
| CVE-2022-0673 | — | Med | 0.00 | 6.5 | 0.01 | Feb 18, 2022 | A flaw was found in LemMinX in versions prior to 0.19.0. Cache poisoning of external schema files due to directory traversal. | |
| CVE-2022-22931 | — | Med | 0.00 | 4.3 | 0.02 | Feb 7, 2022 | Fix of CVE-2021-40525 do not prepend delimiters upon valid directory validations. Affected implementations include: - maildir mailbox store - Sieve file repository This enables a user to access other users data stores (limited to user names being prefixed by the value of the… | |
| CVE-2022-22932 | — | Med | 0.00 | 5.3 | 0.03 | Jan 26, 2022 | Apache Karaf obr:* commands and run goal on the karaf-maven-plugin have partial path traversal which allows to break out of expected folder. The risk is low as obr:* commands are not very used and the entry is set by user. This has been fixed in revision:… | |
| CVE-2022-23107 | Hig | 0.00 | 8.1 | 0.02 | Jan 12, 2022 | Jenkins Warnings Next Generation Plugin 9.10.2 and earlier does not restrict the name of a file when configuring custom ID, allowing attackers with Item/Configure permission to write and read specific files with a hard-coded suffix on the Jenkins controller file system. | ||
| CVE-2021-44278 | — | Cri | 0.00 | 9.8 | 0.01 | Dec 3, 2021 | Librenms 21.11.0 is affected by a path manipulation vulnerability in includes/html/pages/device/showconfig.inc.php. | |
| CVE-2021-38511 | — | Hig | 0.00 | 7.5 | 0.01 | Aug 10, 2021 | An issue was discovered in the tar crate before 0.4.36 for Rust. When symlinks are present in a TAR archive, extraction can create arbitrary directories via .. traversal. | |
| CVE-2021-36156 | — | Med | 0.00 | 5.3 | 0.01 | Aug 3, 2021 | An issue was discovered in Grafana Loki through 2.2.1. The header value X-Scope-OrgID is used to construct file paths for rules files, and if crafted to conduct directory traversal such as ae ../../sensitive/path/in/deployment pathname, then Loki will attempt to parse a rules… | |
| CVE-2021-30483 | — | Med | 0.00 | 5.3 | 0.02 | Jul 30, 2021 | isomorphic-git before 1.8.2 allows Directory Traversal via a crafted repository. | |
| CVE-2021-33497 | — | Cri | 0.00 | 9.1 | 0.02 | May 24, 2021 | Dutchcoders transfer.sh before 1.2.4 allows Directory Traversal for deleting files. | |
| CVE-2021-20206 | — | Hig | 0.00 | 7.2 | 0.02 | Mar 26, 2021 | An improper limitation of path name flaw was found in containernetworking/cni in versions before 0.8.1. When specifying the plugin to load in the 'type' field in the network configuration, it is possible to use special elements such as "../" separators to reference binaries… | |
| CVE-2021-27367 | — | Hig | 0.00 | 7.5 | 0.02 | Feb 17, 2021 | Controller/Backend/FileEditController.php and Controller/Backend/FilemanagerController.php in Bolt before 4.1.13 allow Directory Traversal. |
- CVE-2024-25125Feb 14, 2024risk 0.00cvss —epss 0.30
Digdag is an open source tool that to build, run, schedule, and monitor complex pipelines of tasks across various platforms. Treasure Data's digdag workload automation system is susceptible to a path traversal vulnerability if it's configured to store log files locally. This…
- CVE-2024-1485Feb 13, 2024risk 0.00cvss —epss 0.01
A flaw was found in the decompression function of registry-support. This issue can be triggered if an unauthenticated remote attacker tricks a user into parsing a devfile which uses the `parent` or `plugin` keywords. This could download a malicious archive and cause the cleanup…
- CVE-2024-1163Feb 13, 2024risk 0.00cvss —epss 0.00
The attacker may exploit a path traversal vulnerability leading to information disclosure.
- CVE-2024-23833Feb 12, 2024risk 0.00cvss —epss 0.01
OpenRefine is a free, open source power tool for working with messy data and improving it. A jdbc attack vulnerability exists in OpenRefine(version<=3.7.7) where an attacker may construct a JDBC query which may read files on the host filesystem. Due to the newer MySQL driver…
- risk 0.00cvss 0.0epss 0.01
Spotipy is a light weight Python library for the Spotify Web API. In versions prior to 2.22.1, if a malicious URI is passed to the library, the library can be tricked into performing an operation on a different API endpoint than intended. The code Spotipy uses to parse URIs and…
- risk 0.00cvss 8.8epss 0.01
Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier does not restrict the application path of the applications when configuring a deployment, allowing attackers with Item/Configure permission to upload arbitrary files from the Jenkins controller file system to the…
- risk 0.00cvss 6.9epss 0.04
All versions of package com.alibaba.oneagent:one-java-agent-plugin are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) using a specially crafted archive that holds directory traversal filenames (e.g. ../../evil.exe). The attacker can overwrite executable…
- risk 0.00cvss 8.1epss 0.03
ImpressCMS before 1.4.3 allows libraries/image-editor/image-edit.php image_temp Directory Traversal.
- risk 0.00cvss 5.3epss 0.01
The avatar middleware in Gitea before 1.13.6 allows Directory Traversal via a crafted URL.
- risk 0.00cvss 6.5epss 0.01
A flaw was found in LemMinX in versions prior to 0.19.0. Cache poisoning of external schema files due to directory traversal.
- risk 0.00cvss 4.3epss 0.02
Fix of CVE-2021-40525 do not prepend delimiters upon valid directory validations. Affected implementations include: - maildir mailbox store - Sieve file repository This enables a user to access other users data stores (limited to user names being prefixed by the value of the…
- risk 0.00cvss 5.3epss 0.03
Apache Karaf obr:* commands and run goal on the karaf-maven-plugin have partial path traversal which allows to break out of expected folder. The risk is low as obr:* commands are not very used and the entry is set by user. This has been fixed in revision:…
- risk 0.00cvss 8.1epss 0.02
Jenkins Warnings Next Generation Plugin 9.10.2 and earlier does not restrict the name of a file when configuring custom ID, allowing attackers with Item/Configure permission to write and read specific files with a hard-coded suffix on the Jenkins controller file system.
- risk 0.00cvss 9.8epss 0.01
Librenms 21.11.0 is affected by a path manipulation vulnerability in includes/html/pages/device/showconfig.inc.php.
- risk 0.00cvss 7.5epss 0.01
An issue was discovered in the tar crate before 0.4.36 for Rust. When symlinks are present in a TAR archive, extraction can create arbitrary directories via .. traversal.
- risk 0.00cvss 5.3epss 0.01
An issue was discovered in Grafana Loki through 2.2.1. The header value X-Scope-OrgID is used to construct file paths for rules files, and if crafted to conduct directory traversal such as ae ../../sensitive/path/in/deployment pathname, then Loki will attempt to parse a rules…
- risk 0.00cvss 5.3epss 0.02
isomorphic-git before 1.8.2 allows Directory Traversal via a crafted repository.
- risk 0.00cvss 9.1epss 0.02
Dutchcoders transfer.sh before 1.2.4 allows Directory Traversal for deleting files.
- risk 0.00cvss 7.2epss 0.02
An improper limitation of path name flaw was found in containernetworking/cni in versions before 0.8.1. When specifying the plugin to load in the 'type' field in the network configuration, it is possible to use special elements such as "../" separators to reference binaries…
- risk 0.00cvss 7.5epss 0.02
Controller/Backend/FileEditController.php and Controller/Backend/FilemanagerController.php in Bolt before 4.1.13 allow Directory Traversal.