PT-2023-27228 · Craft · Craft

Awakerrday · Published 2023-08-21 · Updated 2024-11-19 · CVE-2023-40035

CVSS v3.1: 7.2 (High)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Craft versions prior to 3.8.15
Craft versions prior to 4.4.15
Description
The issue is a bypass of the validatePath function that can lead to remote code execution, giving an attacker control of the vulnerable system and the ability to exfiltrate data. The vulnerability is exploitable only by an authenticated user with administrative privileges, and only when the allowAdminChanges config setting is enabled (ALLOW ADMIN CHANGES=true).
Exploitation relies on the file URI scheme: a path such as file:///path1/path2 is supplied where a plain filesystem path is expected. The validatePath function is meant to ensure that a path does not lie within a system directory, but a path carrying the file:// prefix is not caught by that check, while PHP's mkdir() accepts the file:// stream wrapper and creates the directory at the underlying location anyway.
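To make the bypass concrete, here is an added example written for this page; it is not Craft's code and does not reproduce Craft's validatePath. It uses a hypothetical protected-directory list (SYSTEM_DIRS) and two hypothetical validators: a weak one that compares the raw string against the protected prefixes, and a hardened one that rejects any stream-wrapper scheme and collapses "." and ".." segments first (the ".." handling goes beyond what the advisory describes). The last lines confirm the second half of the advisory's claim by calling mkdir() with a file:// path under the system temp directory. Requires PHP 8 (str_starts_with) on Linux or macOS.

```php
<?php
declare(strict_types=1);

// Added example (not Craft's code). Stand-in for a validator that must keep a
// configurable base path out of protected system directories. The directory
// list and all function names are hypothetical, constructed for this demo.
const SYSTEM_DIRS = [
    '/var/www/craft/config',
    '/var/www/craft/vendor',
    '/var/www/craft/web',
];

/** Prefix comparison against the protected directories. */
function insideSystemDir(string $normalized): bool
{
    foreach (SYSTEM_DIRS as $dir) {
        if ($normalized === $dir || str_starts_with($normalized, $dir . '/')) {
            return true;
        }
    }
    return false;
}

/**
 * Weak validator: only normalizes slashes, then compares the string prefix.
 * "file:///var/www/craft/web/uploads" does not start with "/var/www/craft/web",
 * so it is accepted, even though mkdir() would create the directory there.
 */
function validatePathWeak(string $path): bool
{
    $normalized = rtrim(str_replace('\\', '/', $path), '/');
    return !insideSystemDir($normalized);
}

/**
 * Hardened validator: refuse any "scheme://" prefix (file://, phar://, ...)
 * before comparing, and collapse "." / ".." segments so the comparison sees
 * the path the filesystem call would actually use.
 */
function validatePathHardened(string $path): bool
{
    if (preg_match('#^[a-z][a-z0-9+.\-]*://#i', $path) === 1) {
        return false;
    }
    return !insideSystemDir(normalizeAbsolute($path));
}

/** Collapse empty, "." and ".." segments without touching the filesystem. */
function normalizeAbsolute(string $path): string
{
    $parts = [];
    foreach (explode('/', str_replace('\\', '/', $path)) as $seg) {
        if ($seg === '' || $seg === '.') {
            continue;
        }
        if ($seg === '..') {
            array_pop($parts);
            continue;
        }
        $parts[] = $seg;
    }
    return '/' . implode('/', $parts);
}

$bypass = 'file:///var/www/craft/web/uploads';
printf("weak     : %s\n", validatePathWeak($bypass) ? 'accepted' : 'rejected');     // accepted
printf("hardened : %s\n", validatePathHardened($bypass) ? 'accepted' : 'rejected'); // rejected

// PHP's mkdir() honours the file:// wrapper, so a path that slips past the
// weak check is created for real. Throwaway directory under the temp dir.
$target = sys_get_temp_dir() . '/validatepath-demo-' . bin2hex(random_bytes(4));
mkdir('file://' . $target, 0700);
printf("mkdir via file:// created %s: %s\n", $target, is_dir($target) ? 'yes' : 'no'); // yes
rmdir($target);
```

The scheme check is deliberately a whitelist-style refusal of any `scheme://` prefix rather than a blacklist of `file://`: PHP registers several stream wrappers, and a validator that only knows about one of them invites the next bypass.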
No estimate of the number of potentially affected installations is provided, and there is no information about real-world incidents in which this issue was exploited.
Recommendations
For Craft 3.x prior to 3.8.15, update to version 3.8.15 or later. For Craft 4.x prior to 4.4.15, update to version 4.4.15 or later. Until the update can be applied, set allowAdminChanges to false (ALLOW ADMIN CHANGES=false), which is the recommended production setting in any case and removes the precondition for exploitation, and do not accept file:/// paths in any path setting.
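The workaround in a form that can be dropped into a project, as an added example rather than a file taken from Craft or from this advisory. It uses Craft's multi-environment array form for config/general.php, where the '*' block applies to every environment and named blocks override it; the environment names 'dev' and 'production' are assumed for the example.

```php
<?php
// Added example (not Craft's own file): config/general.php in the
// multi-environment array form. The weak setting is shown commented out
// next to the corrected one so the difference is visible in review.
return [
    '*' => [
        // Weak: permits administrative config changes from the control panel
        // in every environment, which is the precondition for this advisory.
        // 'allowAdminChanges' => true,

        // Corrected default: deny admin changes unless an environment
        // block below explicitly re-enables them.
        'allowAdminChanges' => false,
    ],
    'dev' => [
        // Local development still needs to edit settings and install plugins.
        'allowAdminChanges' => true,
    ],
    'production' => [
        'allowAdminChanges' => false,
    ],
];
```

Keeping the permissive value only under the development environment means a production deploy cannot inherit it by accident; the '*' block is what applies when no environment-specific override matches.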

Exploit

Fix

RCE

Special Elements Injection

Weakness Enumeration

Related Identifiers

CVE-2023-40035
GHSA-44WR-RMWQ-3PHW

Affected Products

Craft