CVE-2023-6335 - OpenCVE

Improper Link Resolution Before File Access ('Link Following') vulnerability in HYPR Workforce Access on Windows allows User-Controlled Filename.This issue affects Workforce Access: before 8.7.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Changed

Confidentiality Impact None

Integrity Impact High

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Hypr	Workforce Access
Microsoft	Windows

Configuration 1 [-]

AND

cpe:2.3:a:hypr:workforce_access:*:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.hypr.com/security-advisories

History

No history.

MITRE

Status: PUBLISHED

Assigner: HYPR

Published: 2024-01-16T19:42:02.665Z

Updated: 2024-08-02T08:28:21.827Z

Reserved: 2023-11-27T18:04:52.332Z

Link: CVE-2023-6335

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2024-01-16T20:15:45.493

Modified: 2024-01-23T16:25:37.617

Link: CVE-2023-6335

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-6335", "assignerOrgId": "0dc7baee-4a9f-419f-bd0a-e21ec5dac512", "state": "PUBLISHED", "assignerShortName": "HYPR", "dateReserved": "2023-11-27T18:04:52.332Z", "datePublished": "2024-01-16T19:42:02.665Z", "dateUpdated": "2024-08-02T08:28:21.827Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Windows"], "product": "Workforce Access", "vendor": "HYPR", "versions": [{"lessThan": "8.7", "status": "affected", "version": "0", "versionType": "patch"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper Link Resolution Before File Access ('Link Following') vulnerability in HYPR Workforce Access on Windows allows User-Controlled Filename.<p>This issue affects Workforce Access: before 8.7.</p>"}], "value": "Improper Link Resolution Before File Access ('Link Following') vulnerability in HYPR Workforce Access on Windows allows User-Controlled Filename.This issue affects Workforce Access: before 8.7.\n\n"}], "impacts": [{"capecId": "CAPEC-73", "descriptions": [{"lang": "en", "value": "CAPEC-73 User-Controlled Filename"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-59", "description": "CWE-59 Improper Link Resolution Before File Access ('Link Following')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "0dc7baee-4a9f-419f-bd0a-e21ec5dac512", "shortName": "HYPR", "dateUpdated": "2024-01-16T19:42:02.665Z"}, "references": [{"url": "https://www.hypr.com/security-advisories"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:28:21.827Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.hypr.com/security-advisories", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hypr:workforce_access:*:*:*:*:*:*:*:*", "matchCriteriaId": "83E3E9E9-12B1-41CE-B254-894EDCC79B3F", "versionEndExcluding": "8.7", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Link Resolution Before File Access ('Link Following') vulnerability in HYPR Workforce Access on Windows allows User-Controlled Filename.This issue affects Workforce Access: before 8.7.\n\n"}, {"lang": "es", "value": "La vulnerabilidad de resoluci\u00f3n de enlace incorrecta antes del acceso al archivo (\"Link Following\") en HYPR Workforce Access en Windows permite el nombre de archivo controlado por el usuario. Este problema afecta a Workforce Access: antes de 8.7."}], "id": "CVE-2023-6335", "lastModified": "2024-01-23T16:25:37.617", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 1.1, "impactScore": 4.7, "source": "security@hypr.com", "type": "Secondary"}]}, "published": "2024-01-16T20:15:45.493", "references": [{"source": "security@hypr.com", "tags": ["Vendor Advisory"], "url": "https://www.hypr.com/security-advisories"}], "sourceIdentifier": "security@hypr.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-59"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-59"}], "source": "security@hypr.com", "type": "Secondary"}]}