Red Hat JBoss EAP: CVE-2023-35887: Path Traversal
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
4 | (AV:N/AC:L/Au:S/C:P/I:N/A:N) | Jul 10, 2023 | Sep 19, 2024 | Jul 2, 2025 |
Description
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache MINA.
In SFTP servers implemented using Apache MINA SSHD that use a RootedFileSystem, logged-in users may be able to discover "exists/does not exist" information about items outside the rooted tree via paths including parent navigation ("..") beyond the root, or involving symlinks.
This issue affects Apache MINA: from 1.0 before 2.10. Users are recommended to upgrade to 2.10.
A flaw was found in Apache Mina SSHD that could be exploited on certain SFTP servers implemented using the Apache Mina RootedFileSystem. This issue could permit authenticated users to view information outside of their permissions scope.
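As an added illustration (not Apache MINA SSHD code, and written in Python rather than the project's Java), the following rooted-path resolver shows the defensive pattern behind this class of bug: ".." components that would climb above the root and symlinks whose real target lies outside it are both refused with the same response a missing file gets, so an authenticated user cannot derive "exists / does not exist" for items outside the rooted tree. The directory layout and file names are constructed fixtures.

```python
import tempfile
from pathlib import Path

# Constructed fixture: a chroot-like SFTP root, a file outside it, and a
# symlink inside the root that points outside. Assumed names, not from the page.
BASE = Path(tempfile.mkdtemp(prefix="rooted-fs-"))
ROOT = BASE / "root"
ROOT.mkdir()
(ROOT / "inside.txt").write_text("visible\n")
(BASE / "secret.txt").write_text("outside the rooted tree\n")
(ROOT / "escape").symlink_to(BASE / "secret.txt")


class AccessDenied(Exception):
    """One error type for anything outside the root, so a client cannot tell
    'escaped and exists' apart from 'escaped and missing'."""


def resolve_in_root(root: Path, client_path: str) -> Path:
    """Map an SFTP client path onto the host filesystem, refusing escapes.

    Step 1 (lexical): treat the client path as root-relative and collapse
    '.' / '..' components; a '..' that would climb above the root is an
    escape to refuse, not something to clamp and then probe on disk.
    Step 2 (physical): resolve symlinks on whatever prefix exists and require
    the real location to remain under the real root.
    """
    real_root = root.resolve(strict=True)
    parts: list[str] = []
    for comp in client_path.replace("\\", "/").split("/"):
        if comp in ("", "."):
            continue
        if comp == "..":
            if not parts:
                raise AccessDenied(client_path)
            parts.pop()
        else:
            parts.append(comp)
    candidate = real_root.joinpath(*parts)
    # resolve(strict=False) follows symlinks in existing prefixes, so a link
    # inside the root that points outside lands outside real_root here.
    physical = candidate.resolve(strict=False)
    if physical != real_root and real_root not in physical.parents:
        raise AccessDenied(client_path)
    return physical


def sftp_stat(client_path: str) -> str:
    """Uniform responses: escapes and missing files share one answer."""
    try:
        p = resolve_in_root(ROOT, client_path)
    except AccessDenied:
        return "no such file"
    return "ok" if p.exists() else "no such file"
```

Because the escape case and the genuinely-missing case return the same string, a client probing `../secret.txt` learns nothing about whether that file exists on the host.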
Solution
Upgrade Red Hat JBoss EAP to the latest version.
References
- CWE-22
- CVE-2023-35887
- https://attackerkb.com/topics/CVE-2023-35887
- https://access.redhat.com/security/cve/CVE-2023-35887
- https://bugzilla.redhat.com/show_bug.cgi?id=2240036
- https://access.redhat.com/errata/RHSA-2023:7637
- https://access.redhat.com/errata/RHSA-2023:7638
- https://access.redhat.com/errata/RHSA-2023:7639
- https://access.redhat.com/errata/RHSA-2023:7641
- https://access.redhat.com/errata/RHSA-2024:1192
- https://access.redhat.com/errata/RHSA-2024:1193
- https://access.redhat.com/errata/RHSA-2024:1194