GHSA-vrp3-qmw4-rx8c

Опубликовано: 27 сент. 2023

Источник: github

Github: Не прошло ревью

CVSS3: 9.9

Описание

In WS_FTP Server version 8.7.0 prior to 8.7.4 and

version 8.8.0 prior to 8.8.2, a directory traversal vulnerability was discovered. An attacker could leverage this vulnerability to perform file operations (delete, rename, rmdir, mkdir) on files and folders outside of their authorized WS_FTP folder path. Attackers could also escape the context of the WS_FTP Server file structure and perform the same level of operations (delete, rename, rmdir, mkdir) on file and folder locations on the underlying operating system.

In WS_FTP Server version 8.7.0 prior to 8.7.4 and

Ссылки

EPSS

Процентиль: 69%

0.00605

Низкий

9.9 Critical

CVSS3

CVE ID

CVE-2023-42657

Дефекты

CWE-22

Связанные уязвимости

CVE-2023-42657

CVSS3: 9.9

nvd

больше 2 лет назад

In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a directory traversal vulnerability was discovered. An attacker could leverage this vulnerability to perform file operations (delete, rename, rmdir, mkdir) on files and folders outside of their authorized WS_FTP folder path. Attackers could also escape the context of the WS_FTP Server file structure and perform the same level of operations (delete, rename, rmdir, mkdir) on file and folder locations on the underlying operating system.

BDU:2023-06452

CVSS3: 9.9

fstec

больше 2 лет назад

Уязвимость сервера WS_FTP Server, связанная с неверным ограничением имени пути к каталогу с ограниченным доступом, позволяющая нарушителю обойти ограничения безопасности, получить несанкционированный доступ на чтение, изменение или удаление данных и выполнить произвольные команды

EPSS

Процентиль: 69%

0.00605

Низкий

9.9 Critical

CVSS3

CVE ID

CVE-2023-42657

Дефекты

CWE-22