CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Description
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79
CVEs mapped to this weakness (5,488)
page 241 of 275| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-8567 | — | Med | 0.00 | 4.9 | 0.01 | Jan 21, 2021 | Kubernetes Secrets Store CSI Driver Vault Plugin prior to v0.0.6, Azure Plugin prior to v0.0.10, and GCP Plugin prior to v0.2.0 allow an attacker who can create specially-crafted SecretProviderClass objects to write to arbitrary file paths on the host filesystem, including… | |
| CVE-2020-35883 | — | Cri | 0.00 | 9.1 | 0.02 | Dec 31, 2020 | An issue was discovered in the mozwire crate through 2020-08-18 for Rust. A ../ directory-traversal situation allows overwriting local files that have .conf at the end of the filename. | |
| CVE-2020-27534 | — | Med | 0.00 | 5.3 | 0.02 | Dec 30, 2020 | util/binfmt_misc/check.go in Builder in Docker Engine before 19.03.9 calls os.OpenFile with a potentially unsafe qemu-check temporary pathname, constructed with an empty first argument in an ioutil.TempDir call. | |
| CVE-2020-2275 | Med | 0.00 | 6.5 | 0.02 | Sep 16, 2020 | Jenkins Copy data to workspace Plugin 1.0 and earlier does not limit which directories can be copied from the Jenkins controller to job workspaces, allowing attackers with Job/Configure permission to read arbitrary files on the Jenkins controller. | ||
| CVE-2020-7669 | — | Hig | 0.00 | 7.5 | 0.02 | Sep 1, 2020 | This affects all versions of package github.com/u-root/u-root/pkg/tarutil. It is vulnerable to both leading and non-leading relative path traversal attacks in tar file extraction. | |
| CVE-2020-7666 | — | Hig | 0.00 | 7.5 | 0.02 | Sep 1, 2020 | This affects all versions of package github.com/u-root/u-root/pkg/cpio. It is vulnerable to leading, non-leading relative path traversal attacks and symlink based (relative and absolute) path traversal attacks in cpio file extraction. | |
| CVE-2020-7665 | — | Hig | 0.00 | 7.5 | 0.02 | Sep 1, 2020 | This affects all versions of package github.com/u-root/u-root/pkg/uzip. It is vulnerable to both leading and non-leading relative path traversal attacks in zip file extraction. | |
| CVE-2020-12479 | — | Hig | 0.00 | 8.8 | 0.03 | Apr 29, 2020 | TeamPass 2.1.27.36 allows any authenticated TeamPass user to trigger a PHP file include vulnerability via a crafted HTTP request with sources/users.queries.php newValue directory traversal. | |
| CVE-2020-10696 | — | Hig | 0.00 | 8.8 | 0.03 | Mar 31, 2020 | A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTP(s) server and then write files to the user's system anywhere that the user has permissions. | |
| CVE-2020-8131 | — | Hig | 0.00 | 7.5 | 0.05 | Feb 24, 2020 | Arbitrary filesystem write vulnerability in Yarn before 1.22.0 allows attackers to write to any path on the filesystem and potentially lead to arbitrary code execution by forcing the user to install a malicious package. | |
| CVE-2019-10152 | Hig | 0.00 | 7.2 | 0.00 | Jul 30, 2019 | A path traversal vulnerability has been discovered in podman before version 1.4.0 in the way it handles symlinks inside containers. An attacker who has compromised an existing container can cause arbitrary files on the host filesystem to be read/written when an administrator… | ||
| CVE-2018-12473 | Low | 0.00 | 3.1 | 0.02 | Oct 2, 2018 | A path traversal traversal vulnerability in obs-service-tar_scm of Open Build Service allows remote attackers to cause access files not in the current build. On the server itself this is prevented by confining the worker via KVM. Affected releases are openSUSE Open Build… | ||
| CVE-2018-1000659 | Hig | 0.00 | 8.8 | 0.04 | Sep 6, 2018 | LimeSurvey version 3.14.4 and earlier contains a directory traversal in file upload that allows upload of webshell vulnerability in file upload functionality that can result in remote code execution as authenticated user. This attack appear to be exploitable via An authenticated… | ||
| CVE-2017-16654 | — | Hig | 0.00 | 7.5 | 0.03 | Aug 6, 2018 | An issue was discovered in Symfony before 2.7.38, 2.8.31, 3.2.14, 3.3.13, 3.4-BETA5, and 4.0-BETA5. The Intl component includes various bundle readers that are used to read resource bundles from the local filesystem. The read() methods of these classes use a path and a locale to… | |
| CVE-2018-10897 | Hig | 0.00 | 8.1 | 0.06 | Aug 1, 2018 | A directory traversal issue was found in reposync, a part of yum-utils, where reposync fails to sanitize paths in remote repository configuration files. If an attacker controls a repository, they may be able to copy files outside of the destination directory on the targeted… | ||
| CVE-2018-1002209 | Med | 0.00 | 5.5 | 0.06 | Jul 25, 2018 | QuaZIP before 0.7.6 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'. | ||
| CVE-2018-1000208 | Hig | 0.00 | 7.5 | 0.02 | Jul 13, 2018 | MODX Revolution version <=2.6.4 contains a Directory Traversal vulnerability in /core/model/modx/modmanagerrequest.class.php that can result in remove files. This attack appear to be exploitable via web request via security/login processor. This vulnerability appears to have… | ||
| CVE-2018-14036 | Med | 0.00 | 6.5 | 0.03 | Jul 13, 2018 | Directory Traversal with ../ sequences occurs in AccountsService before 0.6.50 because of an insufficient path check in user_change_icon_file_authorized_cb() in user.c. | ||
| CVE-2018-12976 | Cri | 0.00 | 9.8 | 0.04 | Jul 5, 2018 | In Go Doc Dot Org (gddo) through 2018-06-27, an attacker could use specially crafted tags in packages being fetched by gddo to cause a directory traversal and remote code execution. | ||
| CVE-2018-12559 | Hig | 0.00 | 8.8 | 0.02 | Jun 19, 2018 | An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. The mount target path check in mounter.cpp `mpOk()` is insufficient. A regular user can consequently mount a CIFS filesystem anywhere (e.g., outside of the /home directory tree) by passing… |
- risk 0.00cvss 4.9epss 0.01
Kubernetes Secrets Store CSI Driver Vault Plugin prior to v0.0.6, Azure Plugin prior to v0.0.10, and GCP Plugin prior to v0.2.0 allow an attacker who can create specially-crafted SecretProviderClass objects to write to arbitrary file paths on the host filesystem, including…
- risk 0.00cvss 9.1epss 0.02
An issue was discovered in the mozwire crate through 2020-08-18 for Rust. A ../ directory-traversal situation allows overwriting local files that have .conf at the end of the filename.
- risk 0.00cvss 5.3epss 0.02
util/binfmt_misc/check.go in Builder in Docker Engine before 19.03.9 calls os.OpenFile with a potentially unsafe qemu-check temporary pathname, constructed with an empty first argument in an ioutil.TempDir call.
- risk 0.00cvss 6.5epss 0.02
Jenkins Copy data to workspace Plugin 1.0 and earlier does not limit which directories can be copied from the Jenkins controller to job workspaces, allowing attackers with Job/Configure permission to read arbitrary files on the Jenkins controller.
- risk 0.00cvss 7.5epss 0.02
This affects all versions of package github.com/u-root/u-root/pkg/tarutil. It is vulnerable to both leading and non-leading relative path traversal attacks in tar file extraction.
- risk 0.00cvss 7.5epss 0.02
This affects all versions of package github.com/u-root/u-root/pkg/cpio. It is vulnerable to leading, non-leading relative path traversal attacks and symlink based (relative and absolute) path traversal attacks in cpio file extraction.
- risk 0.00cvss 7.5epss 0.02
This affects all versions of package github.com/u-root/u-root/pkg/uzip. It is vulnerable to both leading and non-leading relative path traversal attacks in zip file extraction.
- risk 0.00cvss 8.8epss 0.03
TeamPass 2.1.27.36 allows any authenticated TeamPass user to trigger a PHP file include vulnerability via a crafted HTTP request with sources/users.queries.php newValue directory traversal.
- risk 0.00cvss 8.8epss 0.03
A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTP(s) server and then write files to the user's system anywhere that the user has permissions.
- risk 0.00cvss 7.5epss 0.05
Arbitrary filesystem write vulnerability in Yarn before 1.22.0 allows attackers to write to any path on the filesystem and potentially lead to arbitrary code execution by forcing the user to install a malicious package.
- risk 0.00cvss 7.2epss 0.00
A path traversal vulnerability has been discovered in podman before version 1.4.0 in the way it handles symlinks inside containers. An attacker who has compromised an existing container can cause arbitrary files on the host filesystem to be read/written when an administrator…
- risk 0.00cvss 3.1epss 0.02
A path traversal traversal vulnerability in obs-service-tar_scm of Open Build Service allows remote attackers to cause access files not in the current build. On the server itself this is prevented by confining the worker via KVM. Affected releases are openSUSE Open Build…
- risk 0.00cvss 8.8epss 0.04
LimeSurvey version 3.14.4 and earlier contains a directory traversal in file upload that allows upload of webshell vulnerability in file upload functionality that can result in remote code execution as authenticated user. This attack appear to be exploitable via An authenticated…
- risk 0.00cvss 7.5epss 0.03
An issue was discovered in Symfony before 2.7.38, 2.8.31, 3.2.14, 3.3.13, 3.4-BETA5, and 4.0-BETA5. The Intl component includes various bundle readers that are used to read resource bundles from the local filesystem. The read() methods of these classes use a path and a locale to…
- risk 0.00cvss 8.1epss 0.06
A directory traversal issue was found in reposync, a part of yum-utils, where reposync fails to sanitize paths in remote repository configuration files. If an attacker controls a repository, they may be able to copy files outside of the destination directory on the targeted…
- risk 0.00cvss 5.5epss 0.06
QuaZIP before 0.7.6 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.
- risk 0.00cvss 7.5epss 0.02
MODX Revolution version <=2.6.4 contains a Directory Traversal vulnerability in /core/model/modx/modmanagerrequest.class.php that can result in remove files. This attack appear to be exploitable via web request via security/login processor. This vulnerability appears to have…
- risk 0.00cvss 6.5epss 0.03
Directory Traversal with ../ sequences occurs in AccountsService before 0.6.50 because of an insufficient path check in user_change_icon_file_authorized_cb() in user.c.
- risk 0.00cvss 9.8epss 0.04
In Go Doc Dot Org (gddo) through 2018-06-27, an attacker could use specially crafted tags in packages being fetched by gddo to cause a directory traversal and remote code execution.
- risk 0.00cvss 8.8epss 0.02
An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. The mount target path check in mounter.cpp `mpOk()` is insufficient. A regular user can consequently mount a CIFS filesystem anywhere (e.g., outside of the /home directory tree) by passing…