CVE-2023-38702

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-38702

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-38702.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-38702

Aliases

GHSA-7mjh-73q3-c3fc

Published

2023-08-04T18:10:28.899Z

Modified

2025-12-04T23:59:37.568679Z

Severity

9.9 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVSS Calculator

Summary

Knowage Server vulnerable to path traversal via upload functionality

Details

Knowage is an open source analytics and business intelligence suite. Starting in the 6.x.x branch and prior to version 8.1.8, the endpoint /knowage/restful-services/dossier/importTemplateFile allows authenticated users to upload template file on the server, but does not need any authorization to be reached. When the JSP file is uploaded, the attacker just needs to connect to /knowageqbeengine/foo.jsp to gain code execution on the server. By exploiting this vulnerability, an attacker with low privileges can upload a JSP file to the knowageqbeengine directory and gain code execution capability on the server. This issue has been patched in Knowage version 8.1.8.

Database specific

{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-22"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/38xxx/CVE-2023-38702.json"
}

References

Affected packages

Git / github.com/knowagelabs/knowage-server

Affected ranges

Type: GIT
Repo: https://github.com/knowagelabs/knowage-server
Events: Introduced

eb0a58ddc4badcbf4502ca523cf415743c023aa0

Fixed

d098e2426ba05fab5dbce0eb78c3ccca46b5912e