Description
This affects the package snyk-broker before 4.73.0. It allows arbitrary file reads for users with access to Snyk's internal network via directory traversal.
Remediation
References
https://updates.snyk.io/snyk-broker-security-fixes-152338
https://github.com/snyk/broker/commit/90e0bac07a800b7c4c6646097c9c89d6b878b429
https://security.snyk.io/vuln/SNYK-JS-SNYKBROKER-570608
Related Vulnerabilities
CVE-2020-2201 Vulnerability in maven package org.jenkins-ci.plugins:sonargraph-integration
CVE-2021-21345 Vulnerability in maven package com.thoughtworks.xstream:xstream
CVE-2023-34340 Vulnerability in maven package org.apache.accumulo:accumulo-shell
CVE-2019-10241 Vulnerability in maven package org.eclipse.jetty.aggregate:jetty-all-server
CVE-2019-10325 Vulnerability in maven package io.jenkins.plugins:warnings-ng