PT-2023-22440 · Pimcore · Pimcore
Published: 2023-05-30 · Updated: 2023-06-06 · CVE-2023-2984
CVSS v3.1: 6.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions: pimcore/pimcore versions prior to 10.5.22
Description: A path traversal issue exists that allows an attacker to overwrite or modify sensitive files by manipulating the pimcore log parameter. Overwriting or modifying such files can lead to unauthorized access, privilege escalation, or disclosure of confidential information, as well as tampering with system settings; overwriting or deleting critical system files (including key files) can cause a denial of service.
Recommendations: For versions prior to 10.5.22, update to version 10.5.22 or apply the patch manually from https://github.com/pimcore/pimcore/commit/e8dbc4da58ae86618bceb67ed35ce23e5e54d2ed.patch. As a temporary workaround, consider restricting access to the pimcore log parameter to minimize the risk of exploitation.

Related Identifiers

CVE-2023-2984
GHSA-46G3-F9R8-XJ4V

Affected Products

Pimcore