Directory Traversal Vulnerability in EMQX’s emqx_sn Plugin
CVE-2023-37781

6.5MEDIUM

Key Information:

Vendor: EMQx
Status: EMQx
Vendor: CVE Published:; 17 July 2023

What is CVE-2023-37781?

The emqx_sn plugin in EMQX version 4.3.8 has a vulnerability that permits attackers to execute a directory traversal attack by uploading a specially crafted .txt file. This flaw could potentially allow unauthorized access to files and directories on the server, leading to a risk of data exposure and system compromise.

References

https://github.com/emqx/emqx/issues/10419

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 17, 2023
Vulnerability Reserved
Jul 10, 2023

EMQx

What is CVE-2023-37781?

References

CVSS V3.1

Timeline