CVE-2023-41629

A lack of input sanitizing in the file download feature of eSST Monitoring v2.147.1 allows attackers to execute a path traversal.

Configurations

Configuration 1

cpe:2.3:a:esst:esst_monitoring:*:*:*:*:*:*:*:*

History

16 Sep 2024, 15:35

Type | Values Removed | Values Added
CWE | (none) | CWE-34

23 Oct 2023, 18:28

Type | Values Removed | Values Added
CVSS | v2 : unknown; v3 : unknown | v2 : unknown; v3 : 7.5
First Time | (none) | Esst esst Monitoring; Esst
CWE | (none) | NVD-CWE-noinfo
CPE | (none) | cpe:2.3:a:esst:esst_monitoring:*:*:*:*:*:*:*:*
References | (MISC) https://github.com/post-cyberlabs/CVE-Advisory/blob/main/CVE-2023-41629-eSST-Path-Traversal.pdf - | (MISC) https://github.com/post-cyberlabs/CVE-Advisory/blob/main/CVE-2023-41629-eSST-Path-Traversal.pdf - Exploit, Third Party Advisory

17 Oct 2023, 22:15

Type | Values Removed | Values Added
New CVE | (none) | (none)

Information

Published : 2023-10-17 22:15

Updated : 2024-09-16 15:35


NVD link : CVE-2023-41629

Mitre link : CVE-2023-41629

CVE.ORG link : CVE-2023-41629


Products Affected

esst

  • esst_monitoring

CWE

NVD-CWE-noinfo
CWE-34: Path Traversal: '....//'