[CVE Request] CWE-22: Unauthenticated Arbitrary File Write to RCE in Eclipse BaSyx V2
CVE Reservation Request
The Eclipse Foundation is a Common Vulnerabilities and Exposures (CVE) Numbering Authority.
Creating this ticket initiates reservation of a CVE ID for the documented vulnerability. The reserved CVE ID will be posted in a comment below, and kept confidential until explicit publication request.
CVE record information
Project name: Eclipse BaSyx Java Server SDK
Project id: dt.basyx
Versions affected: [0.0.0, 2.0.0-milestone-10)
Common Weakness Enumeration (CWE): CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Common Attack Pattern Enumerations and Classifications (CAPEC):
Common Vulnerability Scoring System: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Summary:
In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, inadequate path normalization in the Submodel HTTP API allows an unauthenticated remote attacker to perform a path traversal attack. By supplying a maliciously crafted fileName parameter during a file upload operation, an attacker can bypass intended storage boundaries and write arbitrary files to any location on the host filesystem accessible by the Java process. This can lead to Remote Code Execution (RCE) and complete system compromise.
Links:
Credits: Mohamed Lemine Ahmed Jidou (AegisSec)
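The summary above attributes the issue to inadequate path normalization of the client-supplied fileName before it is written to disk. The following is an added example of the containment check a file-upload handler needs; it is not code from the BaSyx project, and the `safeResolve` helper name and the `/var/lib/basyx/uploads` base directory are assumptions for illustration.

```java
import java.nio.file.InvalidPathException;
import java.nio.file.Path;
import java.nio.file.Paths;

// Added defender-side example (not BaSyx code): resolve a client-supplied
// fileName strictly inside the intended upload directory.
public class SafeUploadPath {

    public static final class UnsafeFileNameException extends RuntimeException {
        UnsafeFileNameException(String msg) { super(msg); }
    }

    // Hypothetical helper: returns the absolute, normalized destination path,
    // or throws if fileName would land anywhere outside baseDir.
    public static Path safeResolve(Path baseDir, String fileName) {
        if (fileName == null || fileName.isEmpty()) {
            throw new UnsafeFileNameException("empty file name");
        }
        Path base = baseDir.toAbsolutePath().normalize();
        Path candidate;
        try {
            // resolve() returns fileName itself when it is absolute, so the
            // containment check below rejects absolute paths as well.
            candidate = base.resolve(fileName).normalize();
        } catch (InvalidPathException e) {
            // e.g. embedded NUL bytes or characters illegal on this platform
            throw new UnsafeFileNameException("invalid file name: " + e.getMessage());
        }
        // normalize() collapses ".." segments; the result must still be a
        // direct child of base (no escape, no nested directories, not base itself).
        if (!candidate.startsWith(base) || !base.equals(candidate.getParent())) {
            throw new UnsafeFileNameException("file name escapes upload directory: " + fileName);
        }
        return candidate;
    }

    public static void main(String[] args) {
        // Constructed sample inputs: one benign name, three that must be rejected.
        Path uploads = Paths.get("/var/lib/basyx/uploads");
        String[] samples = { "report.pdf", "../../outside.txt", "/tmp/absolute.txt", "sub/dir/file.txt" };
        for (String name : samples) {
            try {
                System.out.println("ACCEPT " + name + " -> " + safeResolve(uploads, name));
            } catch (UnsafeFileNameException e) {
                System.out.println("REJECT " + name + " (" + e.getMessage() + ")");
            }
        }
    }
}
```

Validating the resolved path rather than the raw string is the point: string filters for "../" miss encodings and platform-specific separators, whereas comparing the normalized result against the base directory does not.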