Vulnerability Details : CVE-2023-6069
Potential exploit
Improper Link Resolution Before File Access in GitHub repository froxlor/froxlor prior to 2.1.0.
Products affected by CVE-2023-6069
- cpe:2.3:a:froxlor:froxlor:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-6069
- 0.09%: Probability of exploitation activity in the next 30 days
- ~38%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-6069
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.9 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H | 3.1 | 6.0 | huntr.dev | |
8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 | NIST | |
9.9 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H | 3.1 | 6.0 | huntr.dev | |
CWE ids for CVE-2023-6069
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: security@huntr.dev (Secondary)
- The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource. Assigned by: nvd@nist.gov (Primary), security@huntr.dev (Secondary)
References for CVE-2023-6069
- https://huntr.com/bounties/aac0627e-e59d-476e-9385-edb7ff53758c
  Privilege escalation via symbolic link vulnerability found in froxlor (Exploit; Third Party Advisory)
- https://github.com/froxlor/froxlor/commit/9e8f32f1e86016733b603b50c31b97f472e8dabc
  check for symlinks when required to be within customer-homedir · Froxlor/Froxlor@9e8f32f · GitHub (Patch)