CVE-2023-34096

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-34096
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-34096.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-34096
Related
  • GHSA-vhqc-649h-994h
Published
2023-06-08T19:15:09Z
Modified
2025-01-08T15:01:36.507739Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

Thruk is a multi-backend monitoring web interface which currently supports Naemon, Icinga, Shinken and Nagios as backends. In versions 3.06 and prior, the file panorama.pm is vulnerable to path traversal, which allows an attacker to upload a file to any folder on the affected system that has write permissions. The location parameter is not filtered, validated or sanitized, and it accepts any kind of characters. For a path traversal attack, the only characters required are the dot (.) and the slash (/). A fix is available in version 3.06.2.

References

Affected packages

Git / github.com/sni/thruk

Affected ranges

Type
GIT
Repo
https://github.com/sni/thruk
Events

Affected versions

0.*

0.20

1.*

1.0.0
1.0.1

v0.*

v0.20
v0.21_1
v0.27_1
v0.27_2
v0.30
v0.32
v0.46
v0.48
v0.50
v0.52
v0.54
v0.56
v0.58
v0.60
v0.66
v0.70
v0.70.1
v0.72
v0.72.2
v0.74
v0.76
v0.76.1
v0.78
v0.78.1
v0.78.2
v0.80
v0.82
v0.82.1
v0.84
v0.86
v0.90
v0.92
v0.94
v0.94.1
v0.94.2
v0.94.3
v0.94.4

v1.*

v1.0.0
v1.0.1
v1.0.2
v1.0.3
v1.0.4
v1.0.5
v1.0.6
v1.0.7
v1.0.8
v1.0.9
v1.1.0
v1.1.1
v1.1.2
v1.1.3
v1.1.4
v1.1.5
v1.1.6
v1.1.7
v1.18
v1.20
v1.22
v1.24
v1.26
v1.28
v1.30
v1.32
v1.34
v1.36
v1.38
v1.40
v1.42
v1.44
v1.46
v1.48
v1.50
v1.52
v1.54
v1.56
v1.58
v1.60
v1.60-2
v1.62
v1.64
v1.64-2
v1.66
v1.66-2
v1.68
v1.70
v1.70-2
v1.70-3
v1.70-4
v1.72
v1.72-2
v1.74
v1.74-2
v1.76
v1.76-2
v1.76-3
v1.78
v1.78-2
v1.78-3
v1.80
v1.80-2
v1.80-3
v1.82
v1.82-2
v1.84
v1.84-2
v1.84-3
v1.84-4
v1.84-5
v1.84-6
v1.86
v1.86-2
v1.86-3
v1.86-4
v1.88
v1.88-2
v1.88-3
v1.88-4

v2.*

v2.00
v2.00-2
v2.02
v2.04
v2.06
v2.08
v2.10
v2.10-2
v2.12
v2.12-2
v2.12-3
v2.14
v2.14-2
v2.16
v2.16-2
v2.18
v2.20
v2.20-2
v2.22
v2.24
v2.24-2
v2.26
v2.26-2
v2.28
v2.30
v2.30-2
v2.32
v2.32-2
v2.34
v2.34-2
v2.34-3
v2.36
v2.38
v2.38-2
v2.40
v2.40-2
v2.42
v2.42-2
v2.44
v2.44-2
v2.44-3
v2.44.3
v2.46
v2.46.2
v2.46.3
v2.48
v2.48.2

v3.*

v3.00
v3.00-alpha
v3.02
v3.04
v3.06