PT-2024-13803 · Unknown · Lif Auth Server

Superior126 · Published 2024-01-12 · Updated 2024-01-22 · CVE-2023-49801

CVSS v3.1: 4.2 (Medium)
Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Lif Auth Server versions prior to 1.4.0
Description: The issue relates to the get pfp and get banner routes on Auth Server, where there is no check to ensure that the file requested through these URLs is the intended one. A relative path traversal through these routes could give an attacker access to files they should not have access to.
Recommendations: For versions prior to 1.4.0, update to version 1.4.0 to resolve the issue. As a temporary workaround, consider restricting access to the get pfp and get banner routes until the update is applied.
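The following is an added illustration of the class of bug the advisory describes and of the containment check that closes it; it is not code from Lif Auth Server, and the function names, the asset directory layout and the sample files are assumptions constructed for the example. `unchecked_asset_path` shows the unsafe pattern (a client-supplied file name joined onto a directory with no validation), while `resolve_asset_path` and `read_asset` show the hardened form: the request is resolved to a real path and rejected unless it stays inside the asset directory, which also catches absolute paths and symlinks planted inside the directory.

```python
import os
import tempfile


def resolve_asset_path(base_dir: str, requested: str):
    """Map a client-supplied file name onto a path inside base_dir.

    Returns the resolved absolute path, or None when the request would
    escape base_dir. The containment check is made on the fully resolved
    path, so '..' segments, absolute paths and symlinks planted inside the
    asset directory are all caught.
    """
    if not requested or os.path.isabs(requested):
        # The routes only serve files by name; an absolute path is never legitimate.
        return None
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, requested))
    try:
        if os.path.commonpath([base, candidate]) != base:
            return None
    except ValueError:
        # Raised when the two paths are on different drives (Windows).
        return None
    return candidate


def unchecked_asset_path(base_dir: str, requested: str) -> str:
    """The pattern the advisory describes (assumed reconstruction, not the
    project's code): the client value is joined onto the directory with no
    containment check, so '../' segments walk out of it."""
    return os.path.join(base_dir, requested)


def read_asset(base_dir: str, requested: str):
    """Hardened read: containment check first, then only regular files are served."""
    path = resolve_asset_path(base_dir, requested)
    if path is None or not os.path.isfile(path):
        return None
    with open(path, "rb") as fh:
        return fh.read()


def demo() -> dict:
    """Exercise both versions against a constructed directory layout:

        <tmp>/pfp/alice.png      a legitimate profile picture
        <tmp>/pfp/link.png       symlink pointing outside the asset directory
        <tmp>/secrets.json       a file the routes must never serve
    """
    with tempfile.TemporaryDirectory() as root:
        assets = os.path.join(root, "pfp")
        os.mkdir(assets)
        with open(os.path.join(assets, "alice.png"), "wb") as fh:
            fh.write(b"\x89PNG")          # constructed placeholder content
        secret = os.path.join(root, "secrets.json")
        with open(secret, "w") as fh:
            fh.write("{}")
        try:
            os.symlink(secret, os.path.join(assets, "link.png"))
            symlink_result = read_asset(assets, "link.png")
        except OSError:                   # symlinks not permitted on this host
            symlink_result = "skipped"
        return {
            # hardened path serves the legitimate file
            "legit": read_asset(assets, "alice.png"),
            # unchecked join reaches the file outside the directory
            "dotdot_unchecked": os.path.isfile(unchecked_asset_path(assets, "../secrets.json")),
            # hardened path refuses the same request
            "dotdot": read_asset(assets, "../secrets.json"),
            "absolute": read_asset(assets, secret),
            "symlink": symlink_result,
        }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```

The check is made after `os.path.realpath` on both sides rather than on the raw string, because a prefix comparison on unresolved text misses symlinks and platform-specific separators; the workaround in the recommendations (restricting the routes) remains the right interim step until the fixed version is deployed.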

Weakness Enumeration

Path traversal
Relative Path Traversal

Related Identifiers

CVE-2023-49801
GHSA-3V77-PVQQ-QG3F

Affected Products

Lif Auth Server