PT-2024-1697 · Apache · Apache Sling Servlets Resolver

Carsten Ziegeler

Published

2024-02-06

Updated

2024-02-14

CVE-2024-23673

CVSS v3.1

8.5

High

Vector

AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Apache Sling Servlets Resolver versions prior to 2.11.0

Description The issue is related to incorrect restriction of the directory path name in the Apache Sling Servlets Resolver, which can be exploited by a remote attacker to execute arbitrary code. This can be achieved through path traversal, potentially allowing a user with write access to the repository to trick the Sling Servlet Resolver into loading a previously uploaded script. The exact configuration of the system determines its vulnerability to this attack.

Recommendations For Apache Sling Servlets Resolver versions prior to 2.11.0, upgrade to version 2.11.0 to fix the issue. It is recommended to upgrade regardless of the current system configuration to prevent potential exploitation.

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

BDU:2024-01385

CVE-2024-23673

GHSA-H2RQ-QHR7-53GM

Affected Products

Apache Sling Servlets Resolver

PT-2024-1697 · Apache · Apache Sling Servlets Resolver

CVE-2024-23673

Weakness Enumeration

Related Identifiers

Affected Products

References · 11