Security Advisories

CVE-2023-35887

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2023-35887

Severity

4.3

Medium

CVSS V3

Description

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache MINA.

In SFTP servers implemented using Apache MINA SSHD that use a RootedFileSystem, logged-in users may be able to discover "exists/does not exist" information about items outside the rooted tree via paths including parent navigation ("..") beyond the root, or involving symlinks.

This issue affects Apache MINA: from 1.0 before 2.10. Users are recommended to upgrade to 2.10.
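
The containment check this class of issue calls for, as an added example; it is not Apache MINA SSHD code and not the project's fix. `resolveInsideRoot` and the directory layout are hypothetical, and a POSIX host that permits symlink creation is assumed. Paths that leave the root, lexically or through a symlink, get the same error whether or not the outside target exists.

```java
import java.io.IOException;
import java.nio.file.*;

public class RootedResolveDemo {
    // Hypothetical helper: maps a client-supplied path into root, or fails uniformly.
    static Path resolveInsideRoot(Path root, String clientPath) throws IOException {
        Path realRoot = root.toRealPath();
        // Client paths are rooted: strip leading "/" so they resolve under realRoot.
        Path candidate = realRoot.resolve(clientPath.replaceFirst("^/+", "")).normalize();
        // Lexical check: ".." segments must not climb above the root.
        if (!candidate.startsWith(realRoot)) {
            throw new NoSuchFileException(clientPath);
        }
        // Symlink check: find the deepest existing ancestor (the target itself may
        // not exist yet) and confirm its real location is still under the root.
        Path existing = candidate;
        while (existing != null && !Files.exists(existing, LinkOption.NOFOLLOW_LINKS)) {
            existing = existing.getParent();
        }
        try {
            if (existing != null && existing.toRealPath().startsWith(realRoot)) {
                return candidate;
            }
        } catch (IOException e) {
            // Dangling link or similar: fall through to the uniform error below.
        }
        // Same exception and message for every rejected path: no existence oracle.
        throw new NoSuchFileException(clientPath);
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample layout: base/secret.txt sits outside base/root.
        Path base = Files.createTempDirectory("rooted-demo");
        Path root = Files.createDirectory(base.resolve("root"));
        Files.createFile(base.resolve("secret.txt"));
        Files.createFile(root.resolve("readme.txt"));
        Files.createSymbolicLink(root.resolve("link"), base); // link pointing outside the root
        String[] samples = {"/readme.txt", "/new.txt", "/../secret.txt",
                            "/../missing.txt", "/link/secret.txt", "/link/missing.txt"};
        for (String p : samples) {
            try {
                resolveInsideRoot(root, p);
                System.out.println(p + " -> allowed");
            } catch (NoSuchFileException e) {
                System.out.println(p + " -> rejected (no such file)");
            }
        }
    }
}
```

The two in-root paths are allowed, including the not-yet-existing `/new.txt`; the four that leave the root are rejected identically whether the outside item exists or not.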

References

  • https://images.chainguard.dev/security/CGA-hj92-m5qg-wq7h

Affected packages

