Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache MINA.
In SFTP servers implemented using Apache MINA SSHD that use a RootedFileSystem, logged users may be able to discover "exists/does not exist" information about items outside the rooted tree via paths including parent navigation ("..") beyond the root, or involving symlinks.
This issue affects Apache MINA: from 1.0 before 2.10. Users are recommended to upgrade to 2.10
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: apache
Published: 2023-07-10T09:28:54.987Z
Updated: 2024-08-02T16:37:39.870Z
Reserved: 2023-06-19T15:49:53.163Z
Link: CVE-2023-35887
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2023-07-10T16:15:53.050
Modified: 2023-11-21T14:38:55.627
Link: CVE-2023-35887
Redhat