CVE-2023-36654

Severity CVSS v4.0:
Pending analysis
Type:
CWE-22 Path Traversal
Publication date:
12/12/2023
Last modified:
13/12/2023

Description

Directory traversal in the log-download REST API endpoint in ProLion CryptoSpike 3.0.15P2 allows remote authenticated attackers to download host server SSH private keys (associated with a Linux root user) by injecting paths inside REST API endpoint parameters.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:prolion:cryptospike:3.0.15:p2:*:*:*:*:*:*


References to Advisories, Solutions, and Tools