Path traversal in GuardDog - CVE-2022-23531
Published: February 16, 2023
Vulnerability identifier: #VU72325
CSH Severity: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2022-23531
CWE-ID: CWE-22
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
GuardDog
GuardDog
Software vendor:
DataDog
DataDog
Description
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to input validation error in the tarfile.TarFile.extractall function when extracting the .tar.gz file of the package. A remote attacker can pass a specially crafted archive to the application and write arbitrary files to the system using directory traversal characters in the filename.
Successful exploitation of the vulnerability may allows an attacker to compromise the affected system.
Remediation
Install update from vendor's website.