exploitDog

CVE-2023-47440

Опубликовано: 07 дек. 2023

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

Gladys Assistant v4.27.0 and prior is vulnerable to Directory Traversal. The patch of CVE-2023-43256 was found to be incomplete, allowing authenticated attackers to extract sensitive files in the host machine.

Ссылки

https://blog.moku.fr/cve/
Third Party Advisory
https://blog.moku.fr/cves/CVE-2023-47440/
Third Party Advisory
https://github.com/GladysAssistant/Gladys/pull/1918/commits/4f56ba250ff9f46578f1afa6a97e62e74bad83b7
Patch
https://blog.moku.fr/cve/
Third Party Advisory
https://blog.moku.fr/cves/CVE-2023-47440/
Third Party Advisory
https://github.com/GladysAssistant/Gladys/pull/1918/commits/4f56ba250ff9f46578f1afa6a97e62e74bad83b7
Patch

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:gladysassistant:gladys_assistant:*:*:*:*:*:*:*:*

Версия до 4.30.0 (исключая)

EPSS

Процентиль: 65%

0.00487

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-22

Связанные уязвимости

GHSA-c79f-pqgf-fhp3

CVSS3: 6.5

github

около 2 лет назад

Directory Traversal in Gladys Assistant

EPSS

Процентиль: 65%

0.00487

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-22