Severity
Medium
Analysis Summary
CVE-2023-35887
Apache MINA SSHD could allow a remote authenticated attacker to obtain sensitive information, caused by improper authorization validation by the RootedFilesystem. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain information about items outside the rooted tree, and use this information to launch further attacks against the affected system.
Impact
- Information Disclosure
Indicators Of Compromise
CVE
- CVE-2023-35887
Affected Vendors
Apache
Affected Products
- Apache MINA SSHD 2.9.2
- Apache MINA SSHD 1.0.0
Remediation
Upgrade to the latest version of Apache MINA SSHD, available from the Apache Website.