CVE-2018-10057

Source
https://nvd.nist.gov/vuln/detail/CVE-2018-10057
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-10057.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2018-10057
Published
2018-06-05T21:29:00Z
Modified
2025-02-19T02:27:52.587211Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Summary
[none]
Details

The remote management interface of cgminer 4.10.0 and bfgminer 5.5.0 allows an authenticated remote attacker to write the miner configuration file to arbitrary locations on the server due to missing basedir restrictions (absolute directory traversal).

References

Affected packages

Git / github.com/ckolivas/cgminer

Affected ranges

Type
GIT
Repo
https://github.com/ckolivas/cgminer
Events
Introduced
0 (unknown introduced commit; all previous commits are affected)
Last affected
Type
GIT
Repo
https://github.com/luke-jr/bfgminer
Events
Introduced
0 (unknown introduced commit; all previous commits are affected)
Last affected
Last affected

Affected versions

bfgminer-2.*

bfgminer-2.10.0
bfgminer-2.10.1
bfgminer-2.10.2
bfgminer-2.10.3
bfgminer-2.10.4
bfgminer-2.10.5
bfgminer-2.3.4
bfgminer-2.3.5
bfgminer-2.3.6
bfgminer-2.4.2
bfgminer-2.4.4
bfgminer-2.5.0
bfgminer-2.5.1
bfgminer-2.5.2
bfgminer-2.5.3
bfgminer-2.6.0
bfgminer-2.6.1
bfgminer-2.6.3
bfgminer-2.6.4
bfgminer-2.6.5
bfgminer-2.6.6
bfgminer-2.7.0
bfgminer-2.7.1
bfgminer-2.7.3
bfgminer-2.7.4
bfgminer-2.7.5
bfgminer-2.8.0
bfgminer-2.8.1
bfgminer-2.8.2
bfgminer-2.8.3
bfgminer-2.9.0
bfgminer-2.9.1
bfgminer-2.9.2
bfgminer-2.9.3

bfgminer-3.*

bfgminer-3.0.0
bfgminer-3.0.1
bfgminer-3.0.2
bfgminer-3.1.0
bfgminer-3.1.1
bfgminer-3.1.2
bfgminer-3.1.3
bfgminer-3.1.4
bfgminer-3.10.0
bfgminer-3.2.0
bfgminer-3.2.1
bfgminer-3.3.0
bfgminer-3.4.0
bfgminer-3.5.0
bfgminer-3.5.1
bfgminer-3.5.2
bfgminer-3.6.0
bfgminer-3.7.0
bfgminer-3.8.0
bfgminer-3.8.1
bfgminer-3.9.0

bfgminer-4.*

bfgminer-4.0.0
bfgminer-4.1.0
bfgminer-4.10.0
bfgminer-4.2.0
bfgminer-4.3.0
bfgminer-4.4.0
bfgminer-4.5.0
bfgminer-4.6.0
bfgminer-4.7.0
bfgminer-4.8.0
bfgminer-4.9.0

v0.*

v0.1
v0.1.1
v0.1.2
v0.2
v0.2.1
v0.2.2
v0.3
v0.3.1
v0.3.2
v0.3.3
v0.5
v0.6
v0.6.1
v0.7
v0.7.1
v0.7.2
v0.8
v0.8.1

v1.*

v1.0
v1.1.1
v1.2.0
v1.2.1
v1.2.2
v1.2.3
v1.2.4
v1.2.5
v1.2.6
v1.2.7
v1.2.8
v1.3.0
v1.3.1
v1.4.0
v1.4.1
v1.5.1
v1.5.2
v1.5.3
v1.5.4
v1.5.5
v1.5.7
v1.5.8
v1.6.0
v1.6.1
v1.6.2

v2.*

v2.0.0
v2.0.1
v2.0.2
v2.0.3
v2.0.4
v2.0.5
v2.0.6
v2.0.7
v2.0.8
v2.1.0
v2.1.1
v2.1.2
v2.10.0
v2.10.1
v2.10.2
v2.10.3
v2.10.4
v2.10.5
v2.11.0
v2.11.1
v2.11.2
v2.11.3
v2.2.0
v2.2.1
v2.2.2
v2.2.3
v2.2.4
v2.2.5
v2.2.6
v2.2.7
v2.3.0
v2.3.0-1
v2.3.1
v2.3.1-2
v2.3.2
v2.3.3
v2.3.4
v2.3.5
v2.3.6
v2.4.0
v2.4.1
v2.4.2
v2.4.3
v2.4.4
v2.5.0
v2.6.0
v2.6.1
v2.6.2
v2.6.3
v2.6.4
v2.6.5
v2.7.0
v2.7.1
v2.7.2
v2.7.3
v2.7.4
v2.7.5
v2.7.6
v2.7.7
v2.8.0
v2.8.1
v2.8.2
v2.8.3
v2.8.4
v2.8.5
v2.8.6
v2.8.6-1
v2.8.7
v2.9.0
v2.9.1
v2.9.2
v2.9.3
v2.9.4
v2.9.5
v2.9.6

v3.*

v3.0.0
v3.0.1
v3.1.0
v3.1.1
v3.10.0
v3.11.0
v3.12.0
v3.12.1
v3.12.2
v3.12.3
v3.2.0
v3.2.1
v3.2.2
v3.3.0
v3.3.1
v3.3.2
v3.3.3
v3.3.4
v3.4.0
v3.4.1
v3.4.2
v3.4.3
v3.5.0
v3.6.0
v3.6.1
v3.6.2
v3.6.3
v3.6.4
v3.6.5
v3.6.6
v3.7.0
v3.7.1
v3.7.2
v3.7.2-knc
v3.8.0
v3.8.1
v3.8.1-knc.2
v3.8.2
v3.8.3
v3.8.3-knc
v3.8.4
v3.8.5
v3.8.5-knc
v3.8.5-knc.2
v3.9.0

v4.*

v4.0.0
v4.0.1
v4.1.0
v4.10.0
v4.2.0
v4.2.1
v4.2.2
v4.2.3
v4.3.0
v4.3.1
v4.3.2
v4.3.3
v4.3.4
v4.3.5
v4.4.0
v4.4.0-knc2.0
v4.4.0-knc3.0
v4.4.0-knc3.1
v4.4.0-knc3.2
v4.4.0-knc3.3
v4.4.1
v4.4.1-knc3.4
v4.4.1-knc3.5
v4.4.2
v4.5.0
v4.6.0
v4.6.1
v4.7.0
v4.7.1
v4.8.0
v4.9.0
v4.9.1
v4.9.2