CVE-2023-43256: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

September 25, 2023 (updated October 13, 2023)

A path traversal in Gladys Assistant v4.26.1 and below allows authenticated attackers to extract sensitive files in the host machine by exploiting a non-sanitized user input.

References

blog.moku.fr/cves/CVE-unassigned/
github.com/GladysAssistant/Gladys/commit/f27d0ea4689c3deca5739b5f9ed45a2ddbf00b7b
nvd.nist.gov/vuln/detail/CVE-2023-43256

Code Behaviors & Features

Detect and mitigate CVE-2023-43256 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →