CVE-2018-10057

Source
https://nvd.nist.gov/vuln/detail/CVE-2018-10057
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-10057.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2018-10057
Published
2018-06-05T21:29:00.867Z
Modified
2025-11-20T14:30:57.180191Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Summary
[none]
Details

The remote management interface of cgminer 4.10.0 and bfgminer 5.5.0 allows an authenticated remote attacker to write the miner configuration file to arbitrary locations on the server due to missing basedir restrictions (absolute directory traversal).

References

Affected packages

Git / github.com/ckolivas/cgminer

Affected ranges

Type
GIT
Repo
https://github.com/ckolivas/cgminer
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected

Affected versions

v0.*

v0.1
v0.1.1
v0.1.2
v0.2
v0.2.1
v0.2.2
v0.3
v0.3.1
v0.3.2
v0.3.3
v0.5
v0.6
v0.6.1
v0.7
v0.7.1
v0.7.2
v0.8
v0.8.1

v1.*

v1.0
v1.1.1
v1.2.0
v1.2.1
v1.2.2
v1.2.3
v1.2.4
v1.2.5
v1.2.6
v1.2.7
v1.2.8
v1.3.0
v1.3.1
v1.4.0
v1.4.1
v1.5.1
v1.5.2
v1.5.3
v1.5.4
v1.5.5
v1.5.7
v1.5.8
v1.6.0
v1.6.1
v1.6.2

v2.*

v2.0.0
v2.0.1
v2.0.2
v2.0.3
v2.0.4
v2.0.5
v2.0.6
v2.0.7
v2.0.8
v2.1.0
v2.1.1
v2.1.2
v2.10.0
v2.10.1
v2.10.2
v2.10.3
v2.10.4
v2.10.5
v2.11.0
v2.11.1
v2.11.2
v2.11.3
v2.2.0
v2.2.1
v2.2.2
v2.2.3
v2.2.4
v2.2.5
v2.2.6
v2.2.7
v2.3.0
v2.3.0-1
v2.3.1
v2.3.1-2
v2.3.2
v2.3.3
v2.3.4
v2.3.5
v2.3.6
v2.4.0
v2.4.1
v2.4.2
v2.4.3
v2.4.4
v2.5.0
v2.6.0
v2.6.1
v2.6.2
v2.6.3
v2.6.4
v2.6.5
v2.7.0
v2.7.1
v2.7.2
v2.7.3
v2.7.4
v2.7.5
v2.7.6
v2.7.7
v2.8.0
v2.8.1
v2.8.2
v2.8.3
v2.8.4
v2.8.5
v2.8.6
v2.8.6-1
v2.8.7
v2.9.0
v2.9.1
v2.9.2
v2.9.3
v2.9.4
v2.9.5
v2.9.6

v3.*

v3.0.0
v3.0.1
v3.1.0
v3.1.1
v3.10.0
v3.11.0
v3.12.0
v3.12.1
v3.12.2
v3.12.3
v3.2.0
v3.2.1
v3.2.2
v3.3.0
v3.3.1
v3.3.2
v3.3.3
v3.3.4
v3.4.0
v3.4.1
v3.4.2
v3.4.3
v3.5.0
v3.6.0
v3.6.1
v3.6.2
v3.6.3
v3.6.4
v3.6.5
v3.6.6
v3.7.0
v3.7.1
v3.7.2
v3.7.2-knc
v3.8.0
v3.8.1
v3.8.1-knc.2
v3.8.2
v3.8.3
v3.8.3-knc
v3.8.4
v3.8.5
v3.8.5-knc
v3.8.5-knc.2
v3.9.0

v4.*

v4.0.0
v4.0.1
v4.1.0
v4.10.0
v4.2.0
v4.2.1
v4.2.2
v4.2.3
v4.3.0
v4.3.1
v4.3.2
v4.3.3
v4.3.4
v4.3.5
v4.4.0
v4.4.0-knc2.0
v4.4.0-knc3.0
v4.4.0-knc3.1
v4.4.0-knc3.2
v4.4.0-knc3.3
v4.4.1
v4.4.1-knc3.4
v4.4.1-knc3.5
v4.4.2
v4.5.0
v4.6.0
v4.6.1
v4.7.0
v4.7.1
v4.8.0
v4.9.0
v4.9.1
v4.9.2

Git / github.com/luke-jr/bfgminer

Affected ranges

Type
GIT
Repo
https://github.com/luke-jr/bfgminer
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Last affected

Affected versions

bfgminer-2.*

bfgminer-2.10.0
bfgminer-2.10.1
bfgminer-2.10.2
bfgminer-2.10.3
bfgminer-2.10.4
bfgminer-2.10.5
bfgminer-2.3.4
bfgminer-2.3.5
bfgminer-2.3.6
bfgminer-2.4.2
bfgminer-2.4.4
bfgminer-2.5.0
bfgminer-2.5.1
bfgminer-2.5.2
bfgminer-2.5.3
bfgminer-2.6.0
bfgminer-2.6.1
bfgminer-2.6.3
bfgminer-2.6.4
bfgminer-2.6.5
bfgminer-2.6.6
bfgminer-2.7.0
bfgminer-2.7.1
bfgminer-2.7.3
bfgminer-2.7.4
bfgminer-2.7.5
bfgminer-2.8.0
bfgminer-2.8.1
bfgminer-2.8.2
bfgminer-2.8.3
bfgminer-2.9.0
bfgminer-2.9.1
bfgminer-2.9.2
bfgminer-2.9.3

bfgminer-3.*

bfgminer-3.0.0
bfgminer-3.0.1
bfgminer-3.0.2
bfgminer-3.1.0
bfgminer-3.1.1
bfgminer-3.1.2
bfgminer-3.1.3
bfgminer-3.1.4
bfgminer-3.10.0
bfgminer-3.2.0
bfgminer-3.2.1
bfgminer-3.3.0
bfgminer-3.4.0
bfgminer-3.5.0
bfgminer-3.5.1
bfgminer-3.5.2
bfgminer-3.6.0
bfgminer-3.7.0
bfgminer-3.8.0
bfgminer-3.8.1
bfgminer-3.9.0

bfgminer-4.*

bfgminer-4.0.0
bfgminer-4.1.0
bfgminer-4.10.0
bfgminer-4.2.0
bfgminer-4.3.0
bfgminer-4.4.0
bfgminer-4.5.0
bfgminer-4.6.0
bfgminer-4.7.0
bfgminer-4.8.0
bfgminer-4.9.0

v0.*

v0.1
v0.1.1
v0.1.2
v0.2
v0.2.1
v0.2.2
v0.3
v0.3.1
v0.3.2
v0.3.3
v0.5
v0.6
v0.6.1
v0.7
v0.7.1
v0.7.2
v0.8
v0.8.1

v1.*

v1.0
v1.1.1
v1.2.0
v1.2.1
v1.2.2
v1.2.3
v1.2.4
v1.2.5
v1.2.6
v1.2.7
v1.2.8
v1.3.0
v1.3.1
v1.4.0
v1.4.1
v1.5.1
v1.5.2
v1.5.3
v1.5.4
v1.5.5
v1.5.7
v1.5.8
v1.6.0
v1.6.1
v1.6.2

v2.*

v2.0.0
v2.0.1
v2.0.2
v2.0.3
v2.0.4
v2.0.5
v2.0.6
v2.0.7
v2.0.8
v2.1.0
v2.1.1
v2.1.2
v2.2.0
v2.2.1
v2.2.2
v2.2.3
v2.2.4
v2.2.5
v2.2.6
v2.2.7
v2.3.0
v2.3.0-1
v2.3.1
v2.3.1-2