VYPR

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

BaseStableLikelihood: High

Description

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79

CVEs mapped to this weakness (5,488)

page 87 of 275
  • CVE-2021-21686HigNov 4, 2021
    risk 0.46cvss 8.1epss 0.02

    File path filters in the agent-to-controller security subsystem of Jenkins 2.318 and earlier, LTS 2.303.2 and earlier do not canonicalize paths, allowing operations to follow symbolic links to outside allowed directories.

  • CVE-2021-41150HigOct 19, 2021
    risk 0.46cvss 8.2epss 0.01

    Tough provides a set of Rust libraries and tools for using and generating the update framework (TUF) repositories. The tough library, prior to 0.12.0, does not properly sanitize delegated role names when caching a repository, or when loading a repository from the filesystem.…

  • CVE-2021-41149HigOct 19, 2021
    risk 0.46cvss 8.2epss 0.01

    Tough provides a set of Rust libraries and tools for using and generating the update framework (TUF) repositories. The tough library, prior to 0.12.0, does not properly sanitize target names when caching a repository, or when saving specific targets to an output directory. When…

  • CVE-2021-37713HigAug 31, 2021
    risk 0.46cvss 8.2epss 0.01

    The npm package "tar" (aka node-tar) before versions 4.4.18, 5.0.10, and 6.1.9 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be outside of the extraction target directory is not…

  • CVE-2021-37712HigAug 31, 2021
    risk 0.46cvss 8.2epss 0.02

    The npm package "tar" (aka node-tar) before versions 4.4.18, 5.0.10, and 6.1.9 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This…

  • CVE-2021-28966HigJul 30, 2021
    risk 0.46cvss 7.5epss 0.58

    In Ruby through 3.0 on Windows, a remote attacker can submit a crafted path when a Web application handles a parameter with TmpDir.

  • CVE-2020-17518HigJan 5, 2021
    risk 0.46cvss 7.5epss 0.50

    Apache Flink 1.5.1 introduced a REST handler that allows you to write an uploaded file to an arbitrary location on the local file system, through a maliciously modified HTTP HEADER. The files can be written to any location accessible by Flink 1.5.1. All users should upgrade to…

  • CVE-2020-5811MedDec 30, 2020
    risk 0.46cvss 6.5epss 0.09

    An authenticated path traversal vulnerability exists during package installation in Umbraco CMS <= 8.9.1 or current, which could result in arbitrary files being written outside of the site home and expected paths when installing an Umbraco package.

  • CVE-2020-15229HigOct 14, 2020
    risk 0.46cvss 8.2epss 0.02

    Singularity (an open source container platform) from version 3.1.1 through 3.6.3 has a vulnerability. Due to insecure handling of path traversal and the lack of path sanitization within `unsquashfs`, it is possible to overwrite/create any files on the host filesystem during the…

  • CVE-2018-10501HigSep 24, 2018
    risk 0.46cvss 7.0epss 0.00

    This vulnerability allows local attackers to escalate privileges on vulnerable installations of Samsung Notes Fixed in version 2.0.02.31. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The…

  • CVE-2018-1000647HigAug 20, 2018
    risk 0.46cvss 7.1epss 0.01

    LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Deletion vulnerability in Import template that can result in Denial of service. This attack appear to be exploitable via User controlled parameter.

  • CVE-2018-1000194HigJun 5, 2018
    risk 0.46cvss 8.1epss 0.03

    A path traversal vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in FilePath.java, SoloFilePathFilter.java that allows malicious agents to read and write arbitrary files on the Jenkins master, bypassing the agent-to-master security subsystem protection.

  • CVE-2018-9038MedApr 10, 2018
    risk 0.46cvss 6.5epss 0.10

    Monstra CMS 3.0.4 allows remote attackers to delete files via an admin/index.php?id=filesmanager&delete_dir=./&path=uploads/ request.

  • CVE-2018-7706MedMar 15, 2018
    risk 0.46cvss 6.5epss 0.07

    Directory traversal vulnerability in SecurEnvoy SecurMail before 9.2.501 allows remote authenticated users to read arbitrary e-mail messages via a .. (dot dot) in the option2 parameter in an attachment action to secmail/getmessage.exe.

  • CVE-2017-15309HigDec 22, 2017
    risk 0.46cvss 7.1epss 0.01

    Huawei iReader app before 8.0.2.301 has a path traversal vulnerability due to insufficient validation on file storage paths. An attacker can exploit this vulnerability to store downloaded malicious files in an arbitrary directory.

  • CVE-2017-2706HigNov 22, 2017
    risk 0.46cvss 7.1epss 0.01

    Mate 9 smartphones with software MHA-AL00AC00B125 have a directory traversal vulnerability in Push module. Since the system does not verify the file name during decompression, system directories are traversed. It could be exploited to cause the attacker to replace files and…

  • CVE-2017-15359MedOct 18, 2017
    risk 0.46cvss 6.5epss 0.06

    In the 3CX Phone System 15.5.3554.1, the Management Console typically listens to port 5001 and is prone to a directory traversal attack: "/api/RecordingList/DownloadRecord?file=" and "/api/SupportInfo?file=" are the vulnerable parameters. An attacker must be authenticated to…

  • CVE-2017-9067HigMay 18, 2017
    risk 0.46cvss 7.0epss 0.01

    In MODX Revolution before 2.5.7, when PHP 5.3.3 is used, an attacker is able to include and execute arbitrary files on the web server due to insufficient validation of the action parameter to setup/index.php, aka directory traversal.

  • CVE-2016-10330HigMay 12, 2017
    risk 0.46cvss 7.1epss 0.01

    Directory traversal vulnerability in synophoto_dsm_user, a SUID program, as used in Synology Photo Station before 6.5.3-3226 allows local users to write to arbitrary files via unspecified vectors.

  • CVE-2017-7929HigMay 6, 2017
    risk 0.46cvss 7.1epss 0.02

    An Absolute Path Traversal issue was discovered in Advantech WebAccess Version 8.1 and prior. The absolute path traversal vulnerability has been identified, which may allow an attacker to traverse the file system to access restricted files or directories.