CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 1CVE-2023-37460 – Plexus Archiver vulnerable to Arbitrary File Creation in AbstractUnArchiver
https://notcve.org/view.php?id=CVE-2023-37460
Plexis Archiver is a collection of Plexus components to create archives or extract archives to a directory with a unified `Archiver`/`UnArchiver` API. Prior to version 4.8.0, using AbstractUnArchiver for extracting an archive might lead to an arbitrary file creation and possibly remote code execution. When extracting an archive with an entry that already exists in the destination directory as a symbolic link whose target does not exist - the `resolveFile()` function will return the symlink's source instead of its target, which will pass the verification that ensures the file will not be extracted outside of the destination directory. Later `Files.newOutputStream()`, that follows symlinks by default, will actually write the entry's content to the symlink's target. Whoever uses plexus archiver to extract an untrusted archive is vulnerable to an arbitrary file creation and possibly remote code execution. • https://github.com/codehaus-plexus/plexus-archiver/commit/54759839fbdf85caf8442076f001d5fd64e0dcb2 https://github.com/codehaus-plexus/plexus-archiver/releases/tag/plexus-archiver-4.8.0 https://github.com/codehaus-plexus/plexus-archiver/security/advisories/GHSA-wh3p-fphp-9h2m https://access.redhat.com/security/cve/CVE-2023-37460 https://bugzilla.redhat.com/show_bug.cgi?id=2242288 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-61: UNIX Symbolic Link (Symlink) Following •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-4244 – Codehaus-plexus: directory traversal
https://notcve.org/view.php?id=CVE-2022-4244
A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and their variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on the file system, including application source code, configuration, and other critical system files. Se encontró una falla en codeplex-codehaus. Un ataque de directory traversal (también conocido como path traversal) tiene como objetivo acceder a archivos y directorios almacenados fuera de la carpeta deseada. • https://access.redhat.com/errata/RHSA-2023:2135 https://access.redhat.com/errata/RHSA-2023:3906 https://access.redhat.com/security/cve/CVE-2022-4244 https://bugzilla.redhat.com/show_bug.cgi?id=2149841 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2022-4245 – Codehaus-plexus: xml external entity (xxe) injection
https://notcve.org/view.php?id=CVE-2022-4245
A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment fails to sanitize comments for a --> sequence. This issue means that text contained in the command string could be interpreted as XML and allow for XML injection. Se encontró una falla en codehaus-plexus. El org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment no puede sanitizar los comentarios para una secuencia -->. • https://access.redhat.com/errata/RHSA-2023:2135 https://access.redhat.com/errata/RHSA-2023:3906 https://access.redhat.com/security/cve/CVE-2022-4245 https://bugzilla.redhat.com/show_bug.cgi?id=2149843 • CWE-91: XML Injection (aka Blind XPath Injection) CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 7.3EPSS: 0%CPEs: 6EXPL: 4CVE-2018-1002200 – plexus-archiver: arbitrary file write vulnerability / arbitrary code execution using a specially crafted zip file
https://notcve.org/view.php?id=CVE-2018-1002200
plexus-archiver before 3.6.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'. plexus-archiver en versiones anteriores a la 3.6.0 es vulnerable a un salto de directorio, lo que permite que los atacantes escriban en archivos arbitrarios mediante un ../ (punto punto barra) en una entrada de archivo que se gestiona de manera incorrecta durante la extracción. Esta vulnerabilidad también se conoce como "Zip-Slip". A path traversal vulnerability has been discovered in plexus-archiver when extracting a carefully crafted zip file which holds path traversal file names. A remote attacker could use this vulnerability to write files outside the target directory and overwrite existing files with malicious code or vulnerable configurations. • https://access.redhat.com/errata/RHSA-2018:1836 https://access.redhat.com/errata/RHSA-2018:1837 https://github.com/codehaus-plexus/plexus-archiver/commit/f8f4233508193b70df33759ae9dc6154d69c2ea8 https://github.com/codehaus-plexus/plexus-archiver/pull/87 https://github.com/snyk/zip-slip-vulnerability https://snyk.io/research/zip-slip-vulnerability https://snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSPLEXUS-31680 https://www.debian.org/security/2018/dsa-4227 https://access.redhat.com/security/cve/CVE-2018- • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.4EPSS: 0%CPEs: 2EXPL: 1CVE-2012-5817
https://notcve.org/view.php?id=CVE-2012-5817
Codehaus XFire 1.2.6 and earlier, as used in the Amazon EC2 API Tools Java library and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. Codehaus XFire v1.2.6 y anteriores, tal y como se usa en la librería Amazon EC2 API Tools Java y otros productos, no comprueba si el nombre del servidor coincide con un nombre de dominio en el nombre común (CN) del sujeto o con el campo subjectAltName del certificado X.509, lo que permite ataques man-in-the-middle que falsifican servidores SSL mediante un certificado válido de su elección. • http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf https://exchange.xforce.ibmcloud.com/vulnerabilities/79934 • CWE-295: Improper Certificate Validation •