CVE-2023-29004

Source
https://cve.org/CVERecord?id=CVE-2023-29004
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-29004.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-29004
Aliases
  • GHSA-7qqj-xhvr-46fv
Published
2023-04-17T18:34:07.972Z
Modified
2026-03-14T12:06:04.646189Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Path Traversal Vulnerability in hap-wi/roxy-wi
Details

hap-wi/roxy-wi is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. A Path Traversal vulnerability was found in the current version of Roxy-WI (6.3.9.0 at the time of writing this report). The vulnerability can be exploited via an HTTP request to /app/options.py and the configfilename parameter. Successful exploitation of this vulnerability could allow an attacker with user-level privileges to obtain the content of arbitrary files on the server's file system, within the scope of what the server process has access to. The root cause of the vulnerability lies in the getconfig function of the /app/modules/config/config.py file, which only checks for relative path traversal but still allows files to be read from absolute locations passed via the configfile_name parameter.
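As an added illustration (not Roxy-WI's own code; the configuration directory and the sample names are constructed), the check pattern the advisory describes, which rejects only `..`, next to a hardened version that canonicalises the requested name against the configuration directory and refuses anything that resolves outside it, absolute paths included:

```python
import os
from pathlib import Path

# Constructed base directory for this illustration; the real layout of a
# Roxy-WI install is not part of this record.
CONFIG_ROOT = Path("/srv/roxy-wi/configs")


def weak_is_safe(config_file_name: str) -> bool:
    """The flawed pattern the advisory describes: only relative traversal
    ("..") is rejected, so an absolute path such as /etc/passwd passes."""
    return ".." not in config_file_name


def resolve_config_path(config_file_name: str, root: Path = CONFIG_ROOT) -> Path:
    """Hardened version: join the name onto the allowed root, canonicalise it,
    and require the result to stay inside root. Raises ValueError otherwise."""
    if not config_file_name or os.path.isabs(config_file_name):
        raise ValueError("absolute or empty paths are not allowed")
    root_resolved = root.resolve()
    # resolve() collapses ".." and follows symlinks; with the default
    # strict=False the file does not have to exist yet.
    candidate = (root_resolved / config_file_name).resolve()
    if os.path.commonpath([root_resolved, candidate]) != str(root_resolved):
        raise ValueError("path escapes the configuration directory")
    return candidate


def hardened_is_safe(config_file_name: str) -> bool:
    try:
        resolve_config_path(config_file_name)
    except ValueError:
        return False
    return True


# Constructed inputs: two legitimate names, a relative traversal attempt and
# an absolute path. Only the last one separates the two checks.
SAMPLE_NAMES = ["haproxy.cfg", "backups/haproxy.cfg.bak",
                "../../etc/passwd", "/etc/passwd"]


def compare_checks(names=SAMPLE_NAMES) -> dict:
    """Map each name to (weak verdict, hardened verdict)."""
    return {n: (weak_is_safe(n), hardened_is_safe(n)) for n in names}


if __name__ == "__main__":
    for name, (weak, hard) in compare_checks().items():
        print(f"{name!r:28} weak={weak!s:5} hardened={hard}")
```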

Database specific
{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-22"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/29xxx/CVE-2023-29004.json"
}
References

Affected packages

Git / github.com/hap-wi/roxy-wi

Affected ranges

Type
GIT
Repo
https://github.com/hap-wi/roxy-wi
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "6.3.9.0"
        }
    ]
}

Affected versions

3.*
3.4.4.6
3.4.4.7
3.4.5
3.4.5.1
v.*
v.5.3.5.0
v1.*
v1.0
v1.1
v1.10
v1.10.1
v1.10.2
v1.10.2.1
v1.3
v1.4
v1.4.1
v1.6
v1.9.1
v2.*
v2.0.2
v3.*
v3.2.13
v3.3
v4.*
v4.4.1.0
v5.*
v5.1.1.0
v5.1.4.0
v5.2.0
v5.2.1
v5.2.2.0
v5.2.3.0
v5.2.4.0
v5.2.5.0
v5.2.6.0
v5.3.0.0
v5.3.1.0
v5.3.2.0
v5.3.3.0
v5.3.4.0
v5.3.6.0
v5.4.0.0
v5.4.1.0
v5.4.2.0
v5.4.3.0
v5.5.0.0
v5.5.1.0
v6.*
v6.0.0.0
v6.0.1.0
v6.0.2.0
v6.0.3.0
v6.1.0.0
v6.1.1.0
v6.1.2.0
v6.1.3.0
v6.1.4.0
v6.1.5.0
v6.2.0.0
v6.2.1.0
v6.2.2.0
v6.2.3.0
v6.3.0.0
v6.3.1.0
v6.3.2.0
v6.3.3.0
v6.3.4.0
v6.3.5.0
v6.3.6.0
v6.3.7.0
v6.3.8.0
v6.3.9.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-29004.json"