Security Advisories

CVE-2023-35887

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2023-35887

CGA ID

CGA-hj92-m5qg-wq7h

Severity

Unknown

Description

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache MINA.

In SFTP servers implemented using Apache MINA SSHD that use a RootedFileSystem, logged users may be able to discover "exists/does not exist" information about items outside the rooted tree via paths including parent navigation ("..") beyond the root, or involving symlinks.

This issue affects Apache MINA: from 1.0 before 2.10. Users are recommended to upgrade to 2.10.

References

  • https://images.chainguard.dev/security/CGA-hj92-m5qg-wq7h

Affected packages

