/
DirectorySecurity AdvisoriesPricing
Sign in
Security Advisories

CVE-2023-35887

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2023-35887

Severity

4.3

Medium

CVSS V3

Description

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache MINA.

In SFTP servers implemented using Apache MINA SSHD that use a RootedFileSystem, logged users may be able to discover "exists/does not exist" information about items outside the rooted tree via paths including parent navigation ("..") beyond the root, or involving symlinks.

This issue affects Apache MINA: from 1.0 before 2.10. Users are recommended to upgrade to 2.10

References

  • https://images.chainguard.dev/security/CGA-hj92-m5qg-wq7h
  • https://github.com/advisories/GHSA-mjmq-gwgm-5qhm
  • https://images.chainguard.dev/security/CGA-qq5m-vpwq-j9hc
  • https://lists.apache.org/thread/b9qgtqvhnvgfpn0w1gz918p21p53tqk2

Affected packages

Safe Source for Open Sourceâ„¢
Contact us
© 2025 Chainguard. All Rights Reserved.
Private PolicyTerms of Use

Product

Chainguard ContainersChainguard LibrariesChainguard VMsIntegrationsPricing

Solutions

FedRAMPPCI DSSGolden ImagesCVE RemediationPublic Sector

Customers

Customer StoriesChainguard Reviews

Resources

Events & WebinarsChainguard CoursesDocumentationTrust Center

Company

About UsBlogPartnersNewsroomCareersLegal