CVE-2023-46307

Sažetak

An issue was discovered in server.js in etcd-browser 87ae63d75260. By supplying a /../../../ Directory Traversal input to the URL's GET request while connecting to the remote server port specified during setup, an attacker can retrieve local operating system files from the remote system.

Reference

http://seclists.org/fulldisclosure/2023/Nov/11
http://seclists.org/fulldisclosure/2023/Nov/9
https://hub.docker.com/r/buddho/etcd-browser
https://hub.docker.com/r/buddho/etcd-browser/tags

CVSS

Base:	7.5
Impact:	3.6
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	NONE	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Zadnje važnije ažuriranje

12-12-2023 - 17:06

Objavljeno

07-12-2023 - 06:15