Vulnerability Description
A Path Traversal vulnerability exists in PaperCut NG before 22.1.1 and PaperCut MF before 22.1.1. Under specific conditions, this could potentially allow an authenticated attacker to achieve read-only access to the server's filesystem, because requests beginning with "GET /ui/static/..//.." reach getStaticContent in UIContentResource.class in the static-content-files servlet.
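A log check for the request pattern named in the description, added here as an example and not taken from PaperCut or the referenced advisories: it flags GET requests under /ui/static/ whose path contains a ".." segment, decoding percent-encoding first. The Common Log Format access log, the sample lines and the function names are assumptions made for this example.

```python
import re
from urllib.parse import unquote

# Request line inside a Common Log Format entry (assumed log format).
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
STATIC_PREFIX = "/ui/static/"

def decode_fully(path, max_rounds=3):
    """Percent-decode repeatedly so encoded dots are compared as literal dots."""
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path

def is_static_traversal(target):
    """True if a request target under /ui/static/ contains a '..' path segment."""
    path = decode_fully(target.split("?", 1)[0]).replace("\\", "/")
    if not path.startswith(STATIC_PREFIX):
        return False
    # Match whole segments only, so a file name such as 'logo..v2.png' is not flagged.
    return ".." in path[len(STATIC_PREFIX):].split("/")

def find_suspicious(lines):
    """Return (line_number, target, status) for each matching log line."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if m and m["method"] == "GET" and is_static_traversal(m["target"]):
            hits.append((n, m["target"], int(m["status"])))
    return hits

# Constructed sample log lines (not real traffic; file names are placeholders).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jun/2023:10:00:00 +0000] "GET /ui/static/css/app.css HTTP/1.1" 200 5120',
    '192.0.2.44 - alice [01/Jun/2023:10:00:05 +0000] "GET /ui/static/..//../example.txt HTTP/1.1" 200 311',
    '192.0.2.44 - alice [01/Jun/2023:10:00:09 +0000] "GET /ui/static/%2e%2e//%2e%2e/example.txt HTTP/1.1" 404 0',
    '192.0.2.10 - - [01/Jun/2023:10:00:12 +0000] "GET /index.html HTTP/1.1" 200 900',
    '192.0.2.10 - - [01/Jun/2023:10:00:15 +0000] "GET /ui/static/img/logo..v2.png HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for n, target, status in find_suspicious(SAMPLE_LOG):
        print(f"line {n}: status {status}: {target}")
```

A hit with a 200 status on a server older than 22.1.1 is the case to investigate first, since the description says the affected servlet serves such requests.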
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| PaperCut | PaperCut MF | < 22.1.1 |
| PaperCut | PaperCut NG | < 22.1.1 |
Related Weaknesses (CWE)
References
- https://research.aurainfosec.io/disclosure/papercut/ (Third Party Advisory)
- https://web.archive.org/web/20230814061444/https://research.aurainfosec.io/discl (Third Party Advisory)
- https://www.papercut.com/kb/Main/PO-1216-and-PO-1219#security-notifications (Vendor Advisory)
- https://www.papercut.com/kb/Main/SecurityBulletinJune2023 (Vendor Advisory)
FAQ
What is CVE-2023-31046?
CVE-2023-31046 is a vulnerability with a CVSS score of 6.5 (MEDIUM). A Path Traversal vulnerability exists in PaperCut NG before 22.1.1 and PaperCut MF before 22.1.1. Under specific conditions, this could potentially allow an authenticated attacker to achieve read-only...
How severe is CVE-2023-31046?
CVE-2023-31046 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-31046?
Check the references section above for vendor advisories and patch information. Affected products include: PaperCut MF and PaperCut NG.