An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is a Path Traversal for an Unzip operation. The Vocera Report Console contains a websocket function that allows for the restoration of the database from a ZIP archive that expects a SQL import file. During the unzip operation, the code takes file paths from the ZIP archive and writes them to a Vocera temporary directory. Unfortunately, the code does not properly check if the file paths include directory traversal payloads that would escape the intended destination.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2023-07-25T00:00:00
Updated: 2023-07-25T00:00:00
Reserved: 2022-12-09T00:00:00
Link: CVE-2022-46902
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-07-25T20:15:13.227
Modified: 2023-08-04T18:19:48.140
Link: CVE-2022-46902
JSON object: View
Redhat Information
No data.
CWE