CVE-2023-47440: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

December 7, 2023 (updated December 12, 2023)

Gladys Assistant v4.27.0 and prior is vulnerable to Directory Traversal. The patch of CVE-2023-43256 was found to be incomplete, allowing authenticated attackers to extract sensitive files in the host machine.

References

blog.moku.fr/cve/
blog.moku.fr/cves/CVE-2023-47440/
github.com/GladysAssistant/Gladys/pull/1918/commits/4f56ba250ff9f46578f1afa6a97e62e74bad83b7
nvd.nist.gov/vuln/detail/CVE-2023-47440

Code Behaviors & Features

Detect and mitigate CVE-2023-47440 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →