CVE-2023-31046

Опубликовано: 19 окт. 2023

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

A Path Traversal vulnerability exists in PaperCut NG before 22.1.1 and PaperCut MF before 22.1.1. Under specific conditions, this could potentially allow an authenticated attacker to achieve read-only access to the server's filesystem, because requests beginning with "GET /ui/static/..//.." reach getStaticContent in UIContentResource.class in the static-content-files servlet.

Ссылки

https://research.aurainfosec.io/disclosure/papercut/
Third Party Advisory
https://web.archive.org/web/20230814061444/https://research.aurainfosec.io/disclosure/papercut/
Third Party Advisory
https://www.papercut.com/kb/Main/PO-1216-and-PO-1219#security-notifications
Vendor Advisory
https://www.papercut.com/kb/Main/SecurityBulletinJune2023
Vendor Advisory
https://research.aurainfosec.io/disclosure/papercut/
Third Party Advisory
https://web.archive.org/web/20230814061444/https://research.aurainfosec.io/disclosure/papercut/
Third Party Advisory
https://www.papercut.com/kb/Main/PO-1216-and-PO-1219#security-notifications
Vendor Advisory
https://www.papercut.com/kb/Main/SecurityBulletinJune2023
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:papercut:papercut_mf:*:*:*:*:*:*:*:*

Версия до 22.1.1 (исключая)

cpe:2.3:a:papercut:papercut_ng:*:*:*:*:*:*:*:*

Версия до 22.1.1 (исключая)

EPSS

Процентиль: 72%

0.00738

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-22

Связанные уязвимости

GHSA-272r-9398-x32j

CVSS3: 6.5

github

почти 2 года назад

A Path Traversal vulnerability exists in PaperCut NG before 22.1.1 and PaperCut MF before 22.1.1. Under specific conditions, this could potentially allow an attacker to achieve read-only access to the server's filesystem.

BDU:2023-07129

CVSS3: 7.5

fstec