Path traversal in copyparty
CVE-2023-37474

7.5HIGH

Key Information:

Vendor: 9001
Status: Copyparty
Vendor: CVE Published:; 14 July 2023

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 90%

What is CVE-2023-37474?

Copyparty, a portable file server, is affected by a path traversal vulnerability that allows attackers to access files, directories, and commands outside the designated web document root. This vulnerability is present in versions prior to 1.8.2 and can lead to unauthorized information disclosure. The issue has been resolved in the 1.8.2 update, and users are urged to upgrade as there are no workarounds available.

Affected Version(s)

copyparty < 1.8.2

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2023-37474
Created by ilqarli27

References

https://github.com/9001/copyparty/security/advisories/GHS...

x_refsource_CONFIRM

https://github.com/9001/copyparty/commit/043e3c7dd683113e...

x_refsource_MISC

http://packetstormsecurity.com/files/173822/Copyparty-1.8...

EPSS Score

90% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Jul 27, 2023
👾
Exploit known to exist
Jul 27, 2023
Vulnerability published
Jul 14, 2023
Vulnerability Reserved
Jul 6, 2023