CVE-2023-6908

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-6908

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-6908.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-6908

Published

2023-12-18T04:15:52Z

Modified

2025-01-15T05:04:14.970730Z

Severity

5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

[none]

Details

A vulnerability, which was classified as problematic, was found in DFIRKuiper Kuiper 2.3.4. This affects the function unzipfile of the file kuiper/app/controllers/casemanagement.py of the component TAR Archive Handler. The manipulation of the argument dst_path leads to path traversal. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. Upgrading to version 2.3.5 is able to address this issue. The identifier of the patch is 94fa135153002f651f5526c55a7240e083db8d73. It is recommended to upgrade the affected component. The identifier VDB-248277 was assigned to this vulnerability.

References

Affected packages

Git / github.com/dfirkuiper/kuiper

Affected ranges

Type: GIT
Repo: https://github.com/dfirkuiper/kuiper
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

94fa135153002f651f5526c55a7240e083db8d73

Fixed

94fa135153002f651f5526c55a7240e083db8d73

Affected versions

v1.*

v1.0.0

v2.*

v2.0.0

v2.0.10

v2.0.9

v2.3.3

v2.3.4