CVE-2018-10057

Source
https://cve.org/CVERecord?id=CVE-2018-10057
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-10057.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2018-10057
Published
2018-06-05T21:29:00.867Z
Modified
2026-02-14T07:29:45.368937Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Summary
[none]
Details

The remote management interface of cgminer 4.10.0 and bfgminer 5.5.0 allows an authenticated remote attacker to write the miner configuration file to arbitrary locations on the server due to missing basedir restrictions (absolute directory traversal).

References

Affected packages

Git / github.com/luke-jr/bfgminer

Affected ranges

Type
GIT
Repo
https://github.com/luke-jr/bfgminer
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected

Affected versions

bfgminer-2.*
bfgminer-2.10.0
bfgminer-2.10.1
bfgminer-2.10.2
bfgminer-2.10.3
bfgminer-2.10.4
bfgminer-2.10.5
bfgminer-2.3.4
bfgminer-2.3.5
bfgminer-2.3.6
bfgminer-2.4.2
bfgminer-2.4.4
bfgminer-2.5.0
bfgminer-2.5.1
bfgminer-2.5.2
bfgminer-2.5.3
bfgminer-2.6.0
bfgminer-2.6.1
bfgminer-2.6.3
bfgminer-2.6.4
bfgminer-2.6.5
bfgminer-2.6.6
bfgminer-2.7.0
bfgminer-2.7.1
bfgminer-2.7.3
bfgminer-2.7.4
bfgminer-2.7.5
bfgminer-2.8.0
bfgminer-2.8.1
bfgminer-2.8.2
bfgminer-2.8.3
bfgminer-2.9.0
bfgminer-2.9.1
bfgminer-2.9.2
bfgminer-2.9.3
bfgminer-3.*
bfgminer-3.0.0
bfgminer-3.0.1
bfgminer-3.0.2
bfgminer-3.1.0
bfgminer-3.1.1
bfgminer-3.1.2
bfgminer-3.1.3
bfgminer-3.1.4
bfgminer-3.10.0
bfgminer-3.2.0
bfgminer-3.2.1
bfgminer-3.3.0
bfgminer-3.4.0
bfgminer-3.5.0
bfgminer-3.5.1
bfgminer-3.5.2
bfgminer-3.6.0
bfgminer-3.7.0
bfgminer-3.8.0
bfgminer-3.8.1
bfgminer-3.9.0
bfgminer-4.*
bfgminer-4.0.0
bfgminer-4.1.0
bfgminer-4.10.0
bfgminer-4.2.0
bfgminer-4.3.0
bfgminer-4.4.0
bfgminer-4.5.0
bfgminer-4.6.0
bfgminer-4.7.0
bfgminer-4.8.0
bfgminer-4.9.0
bfgminer-4.99.0
bfgminer-4.99.1
bfgminer-5.*
bfgminer-5.0.0
bfgminer-5.1.0
bfgminer-5.2.0
bfgminer-5.4.0
bfgminer-5.4.1
bfgminer-5.4.2
bfgminer-5.5.0
v0.*
v0.1
v0.1.1
v0.1.2
v0.2
v0.2.1
v0.2.2
v0.3
v0.3.1
v0.3.2
v0.3.3
v0.5
v0.6
v0.6.1
v0.7
v0.7.1
v0.7.2
v0.8
v0.8.1
v1.*
v1.0
v1.1.1
v1.2.0
v1.2.1
v1.2.2
v1.2.3
v1.2.4
v1.2.5
v1.2.6
v1.2.7
v1.2.8
v1.3.0
v1.3.1
v1.4.0
v1.4.1
v1.5.1
v1.5.2
v1.5.3
v1.5.4
v1.5.5
v1.5.7
v1.5.8
v1.6.0
v1.6.1
v1.6.2
v2.*
v2.0.0
v2.0.1
v2.0.2
v2.0.3
v2.0.4
v2.0.5
v2.0.6
v2.0.7
v2.0.8
v2.1.0
v2.1.1
v2.1.2
v2.2.0
v2.2.1
v2.2.2
v2.2.3
v2.2.4
v2.2.5
v2.2.6
v2.2.7
v2.3.0
v2.3.0-1
v2.3.1
v2.3.1-2

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-10057.json"