An issue was discovered in server.js in etcd-browser 87ae63d75260. By supplying a /../../../ Directory Traversal input to the URL's GET request while connecting to the remote server port specified during setup, an attacker can retrieve local operating system files from the remote system.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors Products
Buddho
  • Etcd Browser

Configuration 1 [-]

cpe:2.3:a:buddho:etcd_browser:-:*:*:*:*:*:*:*
References
Link Resource
http://seclists.org/fulldisclosure/2023/Nov/11 Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2023/Nov/9 Mailing List Third Party Advisory
https://hub.docker.com/r/buddho/etcd-browser Product
https://hub.docker.com/r/buddho/etcd-browser/tags Product
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2023-12-07T00:00:00

Updated: 2023-12-07T05:51:46.323739

Reserved: 2023-10-22T00:00:00

Link: CVE-2023-46307

JSON object: View

cve-icon NVD Information

Status : Analyzed

Published: 2023-12-07T06:15:54.683

Modified: 2023-12-12T17:06:02.260

Link: CVE-2023-46307

JSON object: View

cve-icon Redhat Information

No data.

CWE