VYPR

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

BaseStableLikelihood: High

Description

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79

CVEs mapped to this weakness (5,488)

page 241 of 275
  • CVE-2020-8567MedJan 21, 2021
    risk 0.00cvss 4.9epss 0.01

    Kubernetes Secrets Store CSI Driver Vault Plugin prior to v0.0.6, Azure Plugin prior to v0.0.10, and GCP Plugin prior to v0.2.0 allow an attacker who can create specially-crafted SecretProviderClass objects to write to arbitrary file paths on the host filesystem, including…

  • CVE-2020-35883CriDec 31, 2020
    risk 0.00cvss 9.1epss 0.02

    An issue was discovered in the mozwire crate through 2020-08-18 for Rust. A ../ directory-traversal situation allows overwriting local files that have .conf at the end of the filename.

  • CVE-2020-27534MedDec 30, 2020
    risk 0.00cvss 5.3epss 0.02

    util/binfmt_misc/check.go in Builder in Docker Engine before 19.03.9 calls os.OpenFile with a potentially unsafe qemu-check temporary pathname, constructed with an empty first argument in an ioutil.TempDir call.

  • CVE-2020-2275MedSep 16, 2020
    risk 0.00cvss 6.5epss 0.02

    Jenkins Copy data to workspace Plugin 1.0 and earlier does not limit which directories can be copied from the Jenkins controller to job workspaces, allowing attackers with Job/Configure permission to read arbitrary files on the Jenkins controller.

  • CVE-2020-7669HigSep 1, 2020
    risk 0.00cvss 7.5epss 0.02

    This affects all versions of package github.com/u-root/u-root/pkg/tarutil. It is vulnerable to both leading and non-leading relative path traversal attacks in tar file extraction.

  • CVE-2020-7666HigSep 1, 2020
    risk 0.00cvss 7.5epss 0.02

    This affects all versions of package github.com/u-root/u-root/pkg/cpio. It is vulnerable to leading, non-leading relative path traversal attacks and symlink based (relative and absolute) path traversal attacks in cpio file extraction.

  • CVE-2020-7665HigSep 1, 2020
    risk 0.00cvss 7.5epss 0.02

    This affects all versions of package github.com/u-root/u-root/pkg/uzip. It is vulnerable to both leading and non-leading relative path traversal attacks in zip file extraction.

  • CVE-2020-12479HigApr 29, 2020
    risk 0.00cvss 8.8epss 0.03

    TeamPass 2.1.27.36 allows any authenticated TeamPass user to trigger a PHP file include vulnerability via a crafted HTTP request with sources/users.queries.php newValue directory traversal.

  • CVE-2020-10696HigMar 31, 2020
    risk 0.00cvss 8.8epss 0.03

    A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTP(s) server and then write files to the user's system anywhere that the user has permissions.

  • CVE-2020-8131HigFeb 24, 2020
    risk 0.00cvss 7.5epss 0.05

    Arbitrary filesystem write vulnerability in Yarn before 1.22.0 allows attackers to write to any path on the filesystem and potentially lead to arbitrary code execution by forcing the user to install a malicious package.

  • CVE-2019-10152HigJul 30, 2019
    risk 0.00cvss 7.2epss 0.00

    A path traversal vulnerability has been discovered in podman before version 1.4.0 in the way it handles symlinks inside containers. An attacker who has compromised an existing container can cause arbitrary files on the host filesystem to be read/written when an administrator…

  • CVE-2018-12473LowOct 2, 2018
    risk 0.00cvss 3.1epss 0.02

    A path traversal traversal vulnerability in obs-service-tar_scm of Open Build Service allows remote attackers to cause access files not in the current build. On the server itself this is prevented by confining the worker via KVM. Affected releases are openSUSE Open Build…

  • CVE-2018-1000659HigSep 6, 2018
    risk 0.00cvss 8.8epss 0.04

    LimeSurvey version 3.14.4 and earlier contains a directory traversal in file upload that allows upload of webshell vulnerability in file upload functionality that can result in remote code execution as authenticated user. This attack appear to be exploitable via An authenticated…

  • CVE-2017-16654HigAug 6, 2018
    risk 0.00cvss 7.5epss 0.03

    An issue was discovered in Symfony before 2.7.38, 2.8.31, 3.2.14, 3.3.13, 3.4-BETA5, and 4.0-BETA5. The Intl component includes various bundle readers that are used to read resource bundles from the local filesystem. The read() methods of these classes use a path and a locale to…

  • CVE-2018-10897HigAug 1, 2018
    risk 0.00cvss 8.1epss 0.06

    A directory traversal issue was found in reposync, a part of yum-utils, where reposync fails to sanitize paths in remote repository configuration files. If an attacker controls a repository, they may be able to copy files outside of the destination directory on the targeted…

  • CVE-2018-1002209MedJul 25, 2018
    risk 0.00cvss 5.5epss 0.06

    QuaZIP before 0.7.6 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.

  • CVE-2018-1000208HigJul 13, 2018
    risk 0.00cvss 7.5epss 0.02

    MODX Revolution version <=2.6.4 contains a Directory Traversal vulnerability in /core/model/modx/modmanagerrequest.class.php that can result in remove files. This attack appear to be exploitable via web request via security/login processor. This vulnerability appears to have…

  • CVE-2018-14036MedJul 13, 2018
    risk 0.00cvss 6.5epss 0.03

    Directory Traversal with ../ sequences occurs in AccountsService before 0.6.50 because of an insufficient path check in user_change_icon_file_authorized_cb() in user.c.

  • CVE-2018-12976CriJul 5, 2018
    risk 0.00cvss 9.8epss 0.04

    In Go Doc Dot Org (gddo) through 2018-06-27, an attacker could use specially crafted tags in packages being fetched by gddo to cause a directory traversal and remote code execution.

  • CVE-2018-12559HigJun 19, 2018
    risk 0.00cvss 8.8epss 0.02

    An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. The mount target path check in mounter.cpp `mpOk()` is insufficient. A regular user can consequently mount a CIFS filesystem anywhere (e.g., outside of the /home directory tree) by passing…