CVE-2023-43802

Path Traversal: '.../...//' (CWE-35)

Published: Oct 18, 2023

CVSS 7.8 (High), EPSS 0.06%

Arduino Create Agent is a package to help manage Arduino development. This vulnerability affects the `/upload` endpoint, which handles requests with the `filename` parameter. A user who has the ability to perform HTTP requests to the localhost interface, or is able to bypass the CORS configuration, can escalate their privileges to those of the user running the Arduino Create Agent service via a crafted HTTP POST request. This issue has been addressed in version `1.3.3`. Users are advised to upgrade. There are no known workarounds for this vulnerability.
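The sketch below is an added example, not code from Arduino Create Agent. It shows why the CWE-35 pattern `.../...//` defeats a filter that deletes `../` in a single pass, beside a check that joins first and then verifies the result is still inside the upload directory. The function names, the base directory and the sample filename are constructed for illustration, and POSIX path semantics are assumed.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// ErrEscapes is returned when a filename resolves outside the base directory.
var ErrEscapes = errors.New("filename escapes upload directory")

// naiveResolve models a weak filter (hypothetical): it deletes "../" once,
// then joins. ".../...//" collapses to "../" after that single pass.
func naiveResolve(base, name string) string {
	stripped := strings.ReplaceAll(name, "../", "")
	return filepath.Join(base, stripped)
}

// safeResolve does no string surgery on the input. It joins and cleans the
// path, then checks containment by computing the path relative to base.
func safeResolve(base, name string) (string, error) {
	if filepath.IsAbs(name) {
		return "", ErrEscapes
	}
	full := filepath.Join(base, name) // Join also calls Clean
	rel, err := filepath.Rel(base, full)
	sep := string(filepath.Separator)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+sep) {
		return "", ErrEscapes
	}
	return full, nil
}

func main() {
	base := "/srv/uploads" // constructed base directory
	// Constructed filename using the CWE-35 pattern twice.
	name := ".../...//.../...//outside.txt"

	fmt.Println("naive:", naiveResolve(base, name))
	p, err := safeResolve(base, name)
	fmt.Println("safe: ", p, err)
	_, err = safeResolve(base, "../../outside.txt")
	fmt.Println("plain traversal:", err)
}
```

With the containment check, `...` is treated as an ordinary directory name, so the constructed filename resolves to a path below the base directory instead of above it.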

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Timeline

Vendor Advisory
GitHub Advisories released a security advisory.
Oct 18, 2023 at 10:02 AM

First Article
Feedly found the first article mentioning CVE-2023-43802.
Oct 18, 2023 at 6:33 PM / github.com

CVE Assignment
NVD published the first details for CVE-2023-43802.
Oct 18, 2023 at 9:15 PM

EPSS
EPSS Score was set to: 0.06% (Percentile: 24.1%)
Oct 19, 2023 at 3:16 PM

Affected Systems

Arduino/create_agent

Patches

Github Advisory

Attack Patterns

CAPEC-126: Path Traversal

Vendor Advisory

[GHSA-75j7-w798-cwwx] Arduino Create Agent path traversal - local privilege escalation vulnerability
Package: github.com/arduino/arduino-create-agent
Further details are available in the references.

News

Nozomi discloses presence of security flaws affect component of Arduino Create Cloud IDE
Researchers from Nozomi Networks Labs security team recently disclosed four vulnerabilities in the Arduino Create Agent software used for configuring Arduino Opta devices. Both vulnerabilities, when exploited, would allow an attacker to perform arbitrary code execution on the system in the context of the Arduino Create Agent service running on it, leading to the privilege escalation scenarios described above.
US-CERT Vulnerability Summary for the Week of October 16, 2023
advantech — r-seenet Advantech R-SeeNet v2.4.23 allows an unauthenticated remote attacker to read from and write to the snmpmon.ini file, which contains sensitive information. 2023-10-18 not yet calculated CVE-2023-5642 MISC amd — radeon(tm)_graphics_driver An improper privilege management in the AMD Radeon™ Graphics driver may allow an authenticated attacker to craft an IOCTL request to gain I/O control over arbitrary hardware ports or physical addresses resulting in a potential arbitrary code execution. 2023-10-17 not yet calculated CVE-2023-20598 MISC apache — inlong Deserialization of Untrusted Data Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.8.0, the attacker can use \t to bypass. Users are advised to upgrade to Apache InLong’s 1.9.0 or cherry-pick [1] to solve it. [1] https://github.com/apache/inlong/pull/8814 2023-10-19 not yet calculated CVE-2023-46227 MISC apache — santuario-xml_security_for_java All versions of Apache Santuario – XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files when generating an XML Signature and logging with debug level is enabled. Users are recommended to upgrade to version 2.2.6, 2.3.4, or 3.0.3, which fixes this issue. 2023-10-20 not yet calculated CVE-2023-44483 MISC MISC apache — shenyu There exists an SSRF (Server-Side Request Forgery) vulnerability located at the /sandbox/proxyGateway endpoint. This vulnerability allows us to manipulate arbitrary requests and retrieve corresponding responses by inputting any URL into the requestUrl parameter.

CVSS V3.1

Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability Impact: High
