vulnerability

Ignite Openfire: CVE-2023-32315: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
9	(AV:N/AC:L/Au:N/C:C/I:P/A:P)	May 26, 2023	Apr 8, 2024	Apr 9, 2024

Severity

CVSS

(AV:N/AC:L/Au:N/C:C/I:P/A:P)

Published

May 26, 2023

Added

Apr 8, 2024

Modified

Apr 9, 2024

Description

Openfire's administrative console, a web-based application, was found to be vulnerable to a path traversal attack via the setup environment. This permitted an unauthenticated user to use the unauthenticated Openfire Setup Environment in an already configured Openfire environment to access restricted pages in the Openfire Admin Console reserved for administrative users.

Solution

ignite-openfire-cve-2023-32315

References

CVE-2023-32315
https://attackerkb.com/topics/CVE-2023-32315
https://github.com/igniterealtime/Openfire/security/advisories/GHSA-gw42-f939-fhvm

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report