9.8

CVE-2023-50729

EPSS 0.6%
Veröffentlicht 15.01.2024 16:15:11
Zuletzt bearbeitet 21.11.2024 08:37:13
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

An unrestricted file upload vulnerability in traccar leads to RCE

Traccar is an open source GPS tracking system. Prior to 5.11, Traccar is affected by an unrestricted file upload vulnerability in File feature allows attackers to execute arbitrary code on the server. This vulnerability is more prevalent because Traccar is recommended to run web servers as root user. It is also more dangerous because it can write or overwrite files in arbitrary locations.  Version 5.11 was published to fix this vulnerability.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Traccar ≫ Traccar Version < 5.11

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.6%	0.44

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
security-advisories@github.com	8.4	1.7	6	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

CWE-434 Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

https://github.com/traccar/traccar/security/advisories/GHSA-pqf7-8g85-vx2q

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-50729

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-50729

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-50729

EUVD