| Field | Value |
|---|---|
| Title | yohann( https://github.com/Yohann0617 ) oci-helper <=V3.2.4 Directory/Path Traversal |
| Description | A path traversal vulnerability exists in oci-helper version 3.2.4 and earlier in the OCI configuration upload functionality. The application fails to properly validate user-supplied filenames when processing file uploads through the /api/oci/addCfg endpoint. An authenticated attacker can exploit this vulnerability by uploading a file with a specially crafted filename containing path traversal sequences (e.g., ../../../), allowing arbitrary file write to any location on the server filesystem where the application has write permissions. Successful exploitation can lead to complete system compromise through SSH key replacement, configuration tampering, or malicious code injection via cron jobs. The vulnerability is present in the OciServiceImpl.addCfg() method at line 146, where MultipartFile.getOriginalFilename() is directly concatenated with the base directory path without sanitization. CVSS v3.1 Base Score: 8.1 (High) - AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N. |
| Source | https://github.com/Xzzz111/exps/blob/main/archives/oci-helper-path-traversal-1/report.md |
| User | sh7err05 (UID 92498) |
| Submitted | 10/11/2025 15:03 (7 months ago) |
| Moderated | 02/12/2025 10:35 (22 days later) |
| Status | accepted |
| VulDB entry | 334031 [Yohann0617 oci-helper up to 3.2.4 OCI Configuration Upload OciServiceImpl.java addCfg path traversal] |
| Points | 20 |
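The description above names the root cause: the value of `MultipartFile.getOriginalFilename()` is joined to the upload directory without sanitization. The following is an added, self-contained Java example (not oci-helper's code; the class, method names and the temporary upload directory are all assumptions) that places the flawed concatenation pattern beside a hardened version. The hardened variant keeps only the last path segment of the client-supplied name, rejects `.`/`..`/empty/control-character names, resolves against the canonical base directory and verifies the result is still inside it. It takes the filename as a plain `String` so it compiles with the JDK alone, without a Spring dependency.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;

// Added example, not oci-helper's code. Demonstrates the pattern the advisory
// describes (base directory + untrusted original filename) and a safe replacement.
public class SafeUploadPath {

    // Flawed pattern as described in the advisory: base + untrusted name, no checks.
    // Shown for contrast only; a name containing "../" escapes baseDir.
    static Path unsafeTarget(Path baseDir, String originalFilename) {
        return Paths.get(baseDir.toString() + "/" + originalFilename);
    }

    // Hardened variant (assumption: baseDir is a fixed, pre-created upload directory).
    // 1. Keep only the last segment of the client name (POSIX and Windows separators).
    // 2. Reject empty names, ".", ".." and names containing control characters.
    // 3. Resolve against the canonical base and confirm the result stays inside it.
    static Path safeTarget(Path baseDir, String originalFilename) throws IOException {
        if (originalFilename == null) {
            throw new IllegalArgumentException("missing filename");
        }
        String name = originalFilename.replace('\\', '/');
        name = name.substring(name.lastIndexOf('/') + 1);
        if (name.isEmpty() || name.equals(".") || name.equals("..")
                || name.chars().anyMatch(c -> c < 0x20)) {
            throw new IllegalArgumentException("rejected filename: " + originalFilename);
        }
        Path base = baseDir.toRealPath();          // canonical form, symlinks resolved
        Path target = base.resolve(name).normalize();
        if (!target.startsWith(base)) {            // defence in depth after step 1
            throw new IllegalArgumentException("path escapes upload directory");
        }
        return target;
    }

    public static void main(String[] args) throws IOException {
        // Constructed stand-in for the application's upload directory.
        Path base = Files.createTempDirectory("cfg-upload-");
        // Constructed sample filenames: one benign, the rest using traversal sequences.
        String[] samples = {
            "tenant.cfg",
            "../../../tmp/outside.cfg",
            "..\\..\\outside.cfg",
            ".."
        };
        for (String s : samples) {
            System.out.println("input : " + s);
            System.out.println("unsafe: " + unsafeTarget(base, s).normalize());
            try {
                System.out.println("safe  : " + safeTarget(base, s));
            } catch (IllegalArgumentException e) {
                System.out.println("safe  : REJECTED (" + e.getMessage() + ")");
            }
        }
    }
}
```

Running it shows the unsafe path for `../../../tmp/outside.cfg` normalizing to a location outside the temporary directory, while the safe variant either maps every input to a file directly under the base directory or rejects it. Rather than trusting a prefix check alone, the code first discards any directory component the client sent, so traversal sequences never reach `resolve()`; the `startsWith` check remains as a second, independent guard.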