
Ignite Openfire: CVE-2023-32315: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Severity: 9
CVSS: (AV:N/AC:L/Au:N/C:C/I:P/A:P)
Published: 05/26/2023
Added: 04/08/2024
Modified: 04/09/2024

Description

Openfire's administrative console, a web-based application, was found to be vulnerable to a path traversal attack via the setup environment. The Openfire Setup Environment requires no authentication, and in an already configured Openfire environment an unauthenticated user could use it to access pages in the Openfire Admin Console that are restricted to administrative users.

Solution

ignite-openfire-cve-2023-32315