Main Vulnerability Database Vulnerabilities #VU72326

Path traversal in GuardDog - CVE-2022-23530

Published: February 16, 2023

Vulnerability identifier: #VU72326

CSH Severity: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2022-23530

CWE-ID: CWE-22

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
GuardDog

Software vendor:
DataDog

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to input validation error when extracting files using the shutil.unpack_archive() function. A remote attacker can pass a specially crafted archive to the application and write files to an arbitrary location on the system.

Successful exploitation of the vulnerability may allows an attacker to compromise the affected system.

Remediation

Install update from vendor's website.

External links

https://github.com/DataDog/guarddog/blob/a1d064ceb09d39bb28deb6972bc0a278756ea91f/guarddog/scanners/package_scanner.py#L153..158
https://github.com/DataDog/guarddog/security/advisories/GHSA-78m5-jpmf-ch7v
https://github.com/DataDog/guarddog/commit/37c7d0767ba28f4df46117d478f97652594c491c

Path traversal in GuardDog - CVE-2022-23530

Description

Remediation

External links

Please verify you're human