Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2022-4773: vuln-fix: Partial Path Traversal Vulnerability · HolgerHees/cloudsync@3ad7968

** UNSUPPPORTED WHEN ASSIGNED **** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic was found in cloudsync. Affected by this vulnerability is the function getItem of the file src/main/java/cloudsync/connector/LocalFilesystemConnector.java. The manipulation leads to path traversal. It is possible to launch the attack on the local host. The name of the patch is 3ad796833398af257c28e0ebeade68518e0e612a. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216919. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

CVE
Open in Source
#vulnerability#linux#java#auth

This repository has been archived by the owner on Nov 26, 2022. It is now read-only.

Permalink

Browse files

vuln-fix: Partial Path Traversal Vulnerability

This fixes a partial path traversal vulnerability.

Replaces `dir.getCanonicalPath().startsWith(parent.getCanonicalPath())`, which is vulnerable to partial path traversal attacks, with the more secure `dir.getCanonicalFile().toPath().startsWith(parent.getCanonicalFile().toPath())`.

To demonstrate this vulnerability, consider `"/usr/outnot".startsWith(“/usr/out”)`. The check is bypassed although `/outnot` is not under the `/out` directory. It’s important to understand that the terminating slash may be removed when using various `String` representations of the `File` object. For example, on Linux, `println(new File(“/var”))` will print `/var`, but `println(new File("/var", “/”)` will print `/var/`; however, `println(new File("/var", “/”).getCanonicalPath())` will print `/var`.

Weakness: CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) Severity: Medium CVSSS: 6.1 Detection: CodeQL & OpenRewrite (https://public.moderne.io/recipes/org.openrewrite.java.security.PartialPathTraversalVulnerability)

Reported-by: Jonathan Leitschuh [email protected] Signed-off-by: Jonathan Leitschuh [email protected]

Bug-tracker: JLLeitschuh/security-research#13

Co-authored-by: Moderne [email protected]

  • Loading branch information

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE