Description
A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating file paths with "dot-dot-slash (../)" sequences and their variations, or by using absolute file paths, it may be possible to access arbitrary files and directories stored on the file system, including application source code, configuration, and other critical system files.
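A containment check that rejects the "../" sequences and absolute paths described above, shown as an added example that is not code from the affected component or its fix. The names `resolve_inside`, `TraversalError` and `demo`, the directory layout and the sample inputs are all constructed for illustration.

```python
import os
import tempfile
from pathlib import Path


class TraversalError(ValueError):
    """Raised when a requested path would resolve outside the base directory."""


def resolve_inside(base_dir, user_path):
    """Return the resolved path for user_path, guaranteed to lie under base_dir."""
    base = Path(base_dir).resolve()
    # Joining with an absolute user_path discards base, so the comparison
    # below covers absolute paths as well as ../ sequences and symlinks.
    candidate = (base / user_path).resolve()
    # Compare path components, not string prefixes: a startswith() test would
    # accept a sibling such as "uploads-old" when the base is "uploads".
    if candidate != base and base not in candidate.parents:
        raise TraversalError(f"{user_path!r} resolves outside {base}")
    return candidate


def demo():
    """Run constructed inputs through the check; return {input: allowed}."""
    samples = [
        "reports/q1.txt",             # ordinary file under the base
        "reports/../reports/q1.txt",  # dot-dot that stays inside the base
        "../secret.conf",             # dot-dot-slash escape
        "reports/../../secret.conf",  # escape hidden behind a valid prefix
        "../uploads-old/q1.txt",      # sibling sharing the base's name prefix
        "/etc/passwd",                # absolute path
        "escape/secret.conf",         # symlink inside the base pointing out
    ]
    results = {}
    with tempfile.TemporaryDirectory() as root:
        base = Path(root) / "uploads"
        (base / "reports").mkdir(parents=True)
        (Path(root) / "uploads-old").mkdir()
        (Path(root) / "secret.conf").write_text("constructed sample\n")
        os.symlink(root, base / "escape")
        for sample in samples:
            try:
                resolve_inside(base, sample)
                results[sample] = True
            except TraversalError:
                results[sample] = False
    return results


if __name__ == "__main__":
    for sample, allowed in demo().items():
        print(f"{'allow ' if allowed else 'reject'}  {sample}")
```

Callers should open the path returned by `resolve_inside`, not the original string, so the file accessed is the one that was checked.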
Remediation
References
https://access.redhat.com/errata/RHSA-2023:2135
https://access.redhat.com/errata/RHSA-2023:3906
https://access.redhat.com/security/cve/CVE-2022-4244
https://bugzilla.redhat.com/show_bug.cgi?id=2149841
Related Vulnerabilities
CVE-2023-26108 Vulnerability in npm package @nestjs/core
CVE-2018-11499 Vulnerability in maven package org.webjars.npm:node-sass
CVE-2022-42889 Vulnerability in maven package org.apache.commons:commons-text
CVE-2022-38370 Vulnerability in maven package org.apache.iotdb:iotdb-grafana-connector
CVE-2017-20162 Vulnerability in maven package org.webjars.npm:ms