CVE-2023-46307
Severity CVSS v4.0:
Pending analysis
Type:
CWE-22
Path Traversal
Publication date:
07/12/2023
Last modified:
28/05/2025
Description
An issue was discovered in server.js in etcd-browser 87ae63d75260. By supplying a /../../../ Directory Traversal input to the URL's GET request while connecting to the remote server port specified during setup, an attacker can retrieve local operating system files from the remote system.
Impact
Base Score 3.x
7.50
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:buddho:etcd_browser:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://seclists.org/fulldisclosure/2023/Nov/11
- http://seclists.org/fulldisclosure/2023/Nov/9
- https://hub.docker.com/r/buddho/etcd-browser
- https://hub.docker.com/r/buddho/etcd-browser/tags
- http://seclists.org/fulldisclosure/2023/Nov/11
- http://seclists.org/fulldisclosure/2023/Nov/9
- https://hub.docker.com/r/buddho/etcd-browser
- https://hub.docker.com/r/buddho/etcd-browser/tags