The remote management interface of cgminer 4.10.0 and bfgminer 5.5.0 allows an authenticated remote attacker to write the miner configuration file to arbitrary locations on the server due to missing basedir restrictions (absolute directory traversal).
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2018-06-05T21:00:00
Updated: 2024-08-05T07:32:00.874Z
Reserved: 2018-04-11T00:00:00
Link: CVE-2018-10057
Vulnrichment
No data.
NVD
Status : Modified
Published: 2018-06-05T21:29:00.867
Modified: 2024-11-21T03:40:44.210
Link: CVE-2018-10057
Redhat
No data.