Описание
SFTPGo is an open source, event-driven file transfer solution. In SFTPGo versions prior to 2.7.1, a path normalization discrepancy between the protocol handlers and the internal Virtual Filesystem routing can lead to an authorization bypass. An authenticated attacker can craft specific file paths to bypass folder-level permissions or escape the boundaries of a configured Virtual Folder. This vulnerability is fixed in 2.7.1.
Ссылки
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.7.1 (исключая)
cpe:2.3:a:sftpgo_project:sftpgo:*:*:*:*:*:*:*:*
EPSS
Процентиль: 5%
0.0002
Низкий
8.1 High
CVSS3
Дефекты
CWE-22
Связанные уязвимости
CVSS3: 8.1
debian
16 дней назад
SFTPGo is an open source, event-driven file transfer solution. In SFTP ...
github
16 дней назад
SFTPGo Vulnerable to Path Traversal and Permission Bypass via Path Normalization Discrepancy
EPSS
Процентиль: 5%
0.0002
Низкий
8.1 High
CVSS3
Дефекты
CWE-22