{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-35887", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "state": "PUBLISHED", "assignerShortName": "apache", "dateReserved": "2023-06-19T15:49:53.163Z", "datePublished": "2023-07-10T09:28:54.987Z", "dateUpdated": "2024-10-07T19:40:46.159Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Apache MINA SSHD", "vendor": "Apache Software Foundation", "versions": [{"lessThan": "2.10", "status": "affected", "version": "1.0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Andrew Pikler"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache MINA.<br><br>In SFTP servers implemented using Apache MINA SSHD that use a RootedFileSystem, logged users may be able to discover \"exists/does not exist\" information about items outside the rooted tree via paths including parent navigation (\"..\") beyond the root, or involving symlinks.<br><br>This issue affects Apache MINA: from 1.0 before 2.10. Users are recommended to upgrade to 2.10<br>"}], "value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache MINA.\n\nIn SFTP servers implemented using Apache MINA SSHD that use a RootedFileSystem, logged users may be able to discover \"exists/does not exist\" information about items outside the rooted tree via paths including parent navigation (\"..\") beyond the root, or involving symlinks.\n\nThis issue affects Apache MINA: from 1.0 before 2.10. Users are recommended to upgrade to 2.10\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2023-07-19T07:18:06.740Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://lists.apache.org/thread/b9qgtqvhnvgfpn0w1gz918p21p53tqk2"}], "source": {"defect": ["SSHD-1324"], "discovery": "EXTERNAL"}, "title": "Apache MINA SSHD: Information disclosure bugs with RootedFilesystem", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T16:37:39.870Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.apache.org/thread/b9qgtqvhnvgfpn0w1gz918p21p53tqk2"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-07T19:40:36.469029Z", "id": "CVE-2023-35887", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-07T19:40:46.159Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://lists.apache.org/thread/b9qgtqvhnvgfpn0w1gz918p21p53tqk2", "tags": ["vendor-advisory", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T16:37:39.870Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-35887", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-07T19:40:36.469029Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-07T19:40:41.560Z"}}], "cna": {"title": "Apache MINA SSHD: Information disclosure bugs with RootedFilesystem", "source": {"defect": ["SSHD-1324"], "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Andrew Pikler"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Apache Software Foundation", "product": "Apache MINA SSHD", "versions": [{"status": "affected", "version": "1.0", "lessThan": "2.10", "versionType": "semver"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://lists.apache.org/thread/b9qgtqvhnvgfpn0w1gz918p21p53tqk2", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache MINA.\n\nIn SFTP servers implemented using Apache MINA SSHD that use a RootedFileSystem, logged users may be able to discover \"exists/does not exist\" information about items outside the rooted tree via paths including parent navigation (\"..\") beyond the root, or involving symlinks.\n\nThis issue affects Apache MINA: from 1.0 before 2.10. Users are recommended to upgrade to 2.10\n", "supportingMedia": [{"type": "text/html", "value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache MINA.<br><br>In SFTP servers implemented using Apache MINA SSHD that use a RootedFileSystem, logged users may be able to discover \"exists/does not exist\" information about items outside the rooted tree via paths including parent navigation (\"..\") beyond the root, or involving symlinks.<br><br>This issue affects Apache MINA: from 1.0 before 2.10. Users are recommended to upgrade to 2.10<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2023-07-19T07:18:06.740Z"}}}, "cveMetadata": {"cveId": "CVE-2023-35887", "state": "PUBLISHED", "dateUpdated": "2024-10-07T19:40:46.159Z", "dateReserved": "2023-06-19T15:49:53.163Z", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "datePublished": "2023-07-10T09:28:54.987Z", "assignerShortName": "apache"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:sshd:*:*:*:*:*:*:*:*", "matchCriteriaId": "6975BA01-F3B2-4A87-8BC6-74109C5BA3B0", "versionEndExcluding": "2.9.3", "versionStartIncluding": "1.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache MINA.\n\nIn SFTP servers implemented using Apache MINA SSHD that use a RootedFileSystem, logged users may be able to discover \"exists/does not exist\" information about items outside the rooted tree via paths including parent navigation (\"..\") beyond the root, or involving symlinks.\n\nThis issue affects Apache MINA: from 1.0 before 2.10. Users are recommended to upgrade to 2.10\n"}], "id": "CVE-2023-35887", "lastModified": "2024-11-21T08:08:55.333", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 1.4, "source": "security@apache.org", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-07-10T16:15:53.050", "references": [{"source": "security@apache.org", "tags": ["Mailing List", "Vendor Advisory"], "url": "https://lists.apache.org/thread/b9qgtqvhnvgfpn0w1gz918p21p53tqk2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Vendor Advisory"], "url": "https://lists.apache.org/thread/b9qgtqvhnvgfpn0w1gz918p21p53tqk2"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "security@apache.org", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2023:7641", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4", "package": "sshd-common", "product_name": "EAP 7.4.14", "release_date": "2023-12-04T00:00:00Z"}, {"advisory": "RHSA-2024:1194", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0", "impact": "low", "package": "sshd-common", "product_name": "EAP 8.0.1", "release_date": "2024-03-06T00:00:00Z"}, {"advisory": "RHSA-2023:7700", "cpe": "cpe:/a:redhat:quarkus:2.13::el8", "package": "org.apache.sshd/sshd-common:2.10.0.redhat-00002", "product_name": "Red Hat build of Quarkus 2.13.9.Final", "release_date": "2023-12-07T00:00:00Z"}, {"advisory": "RHSA-2023:5396", "cpe": "cpe:/a:redhat:jboss_data_grid:8", "package": "apache-mina", "product_name": "Red Hat Data Grid 8.4.4", "release_date": "2023-09-28T00:00:00Z"}, {"advisory": "RHSA-2023:7638", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "package": "eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date": "2023-12-04T00:00:00Z"}, {"advisory": "RHSA-2023:7638", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "package": "eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date": "2023-12-04T00:00:00Z"}, {"advisory": "RHSA-2023:7639", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "package": "eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date": "2023-12-04T00:00:00Z"}, {"advisory": "RHSA-2023:7639", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "package": "eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date": "2023-12-04T00:00:00Z"}, {"advisory": "RHSA-2023:7637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "package": "eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date": "2023-12-04T00:00:00Z"}, {"advisory": "RHSA-2023:7637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "package": "eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date": "2023-12-04T00:00:00Z"}, {"advisory": "RHSA-2024:1192", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "impact": "low", "package": "eap8-apache-sshd-0:2.12.0-1.redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date": "2024-03-06T00:00:00Z"}, {"advisory": "RHSA-2024:1192", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "impact": "low", "package": "eap8-eclipse-jgit-0:6.6.1.202309021850-1.r_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date": "2024-03-06T00:00:00Z"}, {"advisory": "RHSA-2024:1192", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "impact": "low", "package": "eap8-log4j-0:2.19.0-2.redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date": "2024-03-06T00:00:00Z"}, {"advisory": "RHSA-2024:1192", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "impact": "low", "package": "eap8-lucene-solr-0:8.11.2-2.redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date": "2024-03-06T00:00:00Z"}, {"advisory": "RHSA-2024:1192", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "impact": "low", "package": "eap8-parsson-0:1.1.5-1.redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date": "2024-03-06T00:00:00Z"}, {"advisory": "RHSA-2024:1192", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "impact": "low", "package": "eap8-wildfly-0:8.0.1-3.GA_redhat_00002.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date": "2024-03-06T00:00:00Z"}, {"advisory": "RHSA-2024:1193", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "impact": "low", "package": "eap8-apache-sshd-0:2.12.0-1.redhat_00001.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date": "2024-03-06T00:00:00Z"}, {"advisory": "RHSA-2024:1193", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "impact": "low", "package": "eap8-eclipse-jgit-0:6.6.1.202309021850-1.r_redhat_00001.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date": "2024-03-06T00:00:00Z"}, {"advisory": "RHSA-2024:1193", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "impact": "low", "package": "eap8-log4j-0:2.19.0-2.redhat_00001.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date": "2024-03-06T00:00:00Z"}, {"advisory": "RHSA-2024:1193", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "impact": "low", "package": "eap8-lucene-solr-0:8.11.2-2.redhat_00001.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date": "2024-03-06T00:00:00Z"}, {"advisory": "RHSA-2024:1193", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "impact": "low", "package": "eap8-parsson-0:1.1.5-1.redhat_00001.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date": "2024-03-06T00:00:00Z"}, {"advisory": "RHSA-2024:1193", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "impact": "low", "package": "eap8-wildfly-0:8.0.1-3.GA_redhat_00002.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date": "2024-03-06T00:00:00Z"}], "bugzilla": {"description": "apache-mina-sshd: information exposure in SFTP server implementations", "id": "2240036", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2240036"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "status": "verified"}, "cwe": "CWE-22", "details": ["Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache MINA.\nIn SFTP servers implemented using Apache MINA SSHD that use a RootedFileSystem, logged users may be able to discover \"exists/does not exist\" information about items outside the rooted tree via paths including parent navigation (\"..\") beyond the root, or involving symlinks.\nThis issue affects Apache MINA: from 1.0 before 2.10. Users are recommended to upgrade to 2.10", "A flaw was found in Apache Mina SSHD that could be exploited on certain SFTP servers implemented using the Apache Mina RootedFileSystem. This issue could permit authenticated users to view information outside of their permissions scope."], "name": "CVE-2023-35887", "package_state": [{"cpe": "cpe:/a:redhat:ocp_tools", "fix_state": "Out of support scope", "package_name": "sshd-common", "product_name": "OpenShift Developer Tools and Services"}, {"cpe": "cpe:/a:redhat:serverless:1", "fix_state": "Will not fix", "package_name": "sshd-common", "product_name": "OpenShift Serverless"}, {"cpe": "cpe:/a:redhat:jboss_fuse:7", "fix_state": "Out of support scope", "package_name": "sshd-common", "product_name": "Red Hat Fuse 7"}, {"cpe": "cpe:/a:redhat:camel_quarkus:2", "fix_state": "Affected", "package_name": "sshd-common", "product_name": "Red Hat Integration Camel Quarkus 2"}, {"cpe": "cpe:/a:redhat:openshift:3.11", "fix_state": "Out of support scope", "package_name": "sshd-common", "product_name": "Red Hat OpenShift Container Platform 3.11"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Out of support scope", "package_name": "sshd-common", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7", "fix_state": "Out of support scope", "package_name": "sshd-common", "product_name": "Red Hat Process Automation 7"}, {"cpe": "cpe:/a:redhat:red_hat_single_sign_on:7", "fix_state": "Will not fix", "package_name": "sshd-common", "product_name": "Red Hat Single Sign-On 7"}, {"cpe": "cpe:/a:redhat:openshift_application_runtimes:1.0", "fix_state": "Not affected", "package_name": "sshd-common", "product_name": "Red Hat support for Spring Boot"}, {"cpe": "cpe:/o:redhat:rhev_hypervisor:4", "fix_state": "Out of support scope", "package_name": "sshd-common", "product_name": "Red Hat Virtualization 4"}], "public_date": "2023-07-10T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-35887\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-35887"], "threat_severity": "Moderate"}