CVE-2023-31046 - Vulnerability Details - OpenCVE

A Path Traversal vulnerability exists in PaperCut NG before 22.1.1 and PaperCut MF before 22.1.1. Under specific conditions, this could potentially allow an authenticated attacker to achieve read-only access to the server's filesystem, because requests beginning with "GET /ui/static/..//.." reach getStaticContent in UIContentResource.class in the static-content-files servlet.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00224.

Key SSVC decision points have not yet been added.

Vendors	Products
Papercut	Papercut Mf Papercut Ng

Configuration 1 [-]

OR	cpe:2.3:a:papercut:papercut_mf::::::::
	cpe:2.3:a:papercut:papercut_ng::::::::

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2023-35382	A Path Traversal vulnerability exists in PaperCut NG before 22.1.1 and PaperCut MF before 22.1.1. Under specific conditions, this could potentially allow an authenticated attacker to achieve read-only access to the server's filesystem, because requests beginning with "GET /ui/static/..//.." reach getStaticContent in UIContentResource.class in the static-content-files servlet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://research.aurainfosec.io/disclosure/papercut/
https://web.archive.org/web/20230814061444/https://research.aurainfosec.io/disclosure/papercut/
https://www.papercut.com/kb/Main/PO-1216-and-PO-1219#security-notifications
https://www.papercut.com/kb/Main/SecurityBulletinJune2023

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2023-10-19T00:00:00

Updated: 2024-09-13T14:49:14.996Z

Reserved: 2023-04-24T00:00:00

Link: CVE-2023-31046

Vulnrichment

Updated: 2024-08-02T14:45:25.775Z

NVD

Status : Modified

Published: 2023-10-19T14:15:08.883

Modified: 2024-11-21T08:01:18.953

Link: CVE-2023-31046

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-31046", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-09-13T14:49:14.996Z", "dateReserved": "2023-04-24T00:00:00", "datePublished": "2023-10-19T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-10-19T23:19:09.447605"}, "descriptions": [{"lang": "en", "value": "A Path Traversal vulnerability exists in PaperCut NG before 22.1.1 and PaperCut MF before 22.1.1. Under specific conditions, this could potentially allow an authenticated attacker to achieve read-only access to the server's filesystem, because requests beginning with \"GET /ui/static/..//..\" reach getStaticContent in UIContentResource.class in the static-content-files servlet."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://www.papercut.com/kb/Main/PO-1216-and-PO-1219#security-notifications"}, {"url": "https://www.papercut.com/kb/Main/SecurityBulletinJune2023"}, {"url": "https://research.aurainfosec.io/disclosure/papercut/"}, {"url": "https://web.archive.org/web/20230814061444/https://research.aurainfosec.io/disclosure/papercut/"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T14:45:25.775Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.papercut.com/kb/Main/PO-1216-and-PO-1219#security-notifications", "tags": ["x_transferred"]}, {"url": "https://www.papercut.com/kb/Main/SecurityBulletinJune2023", "tags": ["x_transferred"]}, {"url": "https://research.aurainfosec.io/disclosure/papercut/", "tags": ["x_transferred"]}, {"url": "https://web.archive.org/web/20230814061444/https://research.aurainfosec.io/disclosure/papercut/", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-13T14:48:16.443381Z", "id": "CVE-2023-31046", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-13T14:49:14.996Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.papercut.com/kb/Main/PO-1216-and-PO-1219#security-notifications", "tags": ["x_transferred"]}, {"url": "https://www.papercut.com/kb/Main/SecurityBulletinJune2023", "tags": ["x_transferred"]}, {"url": "https://research.aurainfosec.io/disclosure/papercut/", "tags": ["x_transferred"]}, {"url": "https://web.archive.org/web/20230814061444/https://research.aurainfosec.io/disclosure/papercut/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T14:45:25.775Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-31046", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-13T14:48:16.443381Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-13T14:49:07.731Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://www.papercut.com/kb/Main/PO-1216-and-PO-1219#security-notifications"}, {"url": "https://www.papercut.com/kb/Main/SecurityBulletinJune2023"}, {"url": "https://research.aurainfosec.io/disclosure/papercut/"}, {"url": "https://web.archive.org/web/20230814061444/https://research.aurainfosec.io/disclosure/papercut/"}], "descriptions": [{"lang": "en", "value": "A Path Traversal vulnerability exists in PaperCut NG before 22.1.1 and PaperCut MF before 22.1.1. Under specific conditions, this could potentially allow an authenticated attacker to achieve read-only access to the server's filesystem, because requests beginning with \"GET /ui/static/..//..\" reach getStaticContent in UIContentResource.class in the static-content-files servlet."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-10-19T23:19:09.447605"}}}, "cveMetadata": {"cveId": "CVE-2023-31046", "state": "PUBLISHED", "dateUpdated": "2024-09-13T14:49:14.996Z", "dateReserved": "2023-04-24T00:00:00", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2023-10-19T00:00:00", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:papercut:papercut_mf:*:*:*:*:*:*:*:*", "matchCriteriaId": "E017C8AB-3DE6-4506-8F25-95DCD901FFAE", "versionEndExcluding": "22.1.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:papercut:papercut_ng:*:*:*:*:*:*:*:*", "matchCriteriaId": "3FB63050-D74D-417B-9639-B81D3B789EE1", "versionEndExcluding": "22.1.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A Path Traversal vulnerability exists in PaperCut NG before 22.1.1 and PaperCut MF before 22.1.1. Under specific conditions, this could potentially allow an authenticated attacker to achieve read-only access to the server's filesystem, because requests beginning with \"GET /ui/static/..//..\" reach getStaticContent in UIContentResource.class in the static-content-files servlet."}, {"lang": "es", "value": "Existe una vulnerabilidad de Path Traversal en PaperCut NG anterior a 22.1.1 y PaperCut MF anterior a 22.1.1. En condiciones espec\u00edficas, esto podr\u00eda permitir que un atacante autenticado obtenga acceso de solo lectura al sistema de archivos del servidor, porque las solicitudes que comienzan con \"GET /ui/static/..//..\" alcanza getStaticContent en UIContentResource.class en el servlet static-content-files."}], "id": "CVE-2023-31046", "lastModified": "2024-11-21T08:01:18.953", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-10-19T14:15:08.883", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://research.aurainfosec.io/disclosure/papercut/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://web.archive.org/web/20230814061444/https://research.aurainfosec.io/disclosure/papercut/"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.papercut.com/kb/Main/PO-1216-and-PO-1219#security-notifications"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.papercut.com/kb/Main/SecurityBulletinJune2023"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://research.aurainfosec.io/disclosure/papercut/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://web.archive.org/web/20230814061444/https://research.aurainfosec.io/disclosure/papercut/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.papercut.com/kb/Main/PO-1216-and-PO-1219#security-notifications"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.papercut.com/kb/Main/SecurityBulletinJune2023"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}