CVE-2023-25303: Path Traversal
First published: Tue Apr 04 2023(Updated: )
ATLauncher <= 3.4.26.0 is vulnerable to Directory Traversal. A mrpack file can be maliciously crafted to create arbitrary files outside of the installation directory.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Epic Games Launcher | <3.4.27.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2023-25303.
What is the severity of CVE-2023-25303?
The severity of CVE-2023-25303 is high with a CVSS score of 7.1.
What software versions are affected by CVE-2023-25303?
ATLauncher versions up to and excluding 3.4.27.0 are affected by CVE-2023-25303.
What is the impact of CVE-2023-25303?
CVE-2023-25303 allows for directory traversal, which can be exploited to create arbitrary files outside of the installation directory.
Are there any references available for CVE-2023-25303?
Yes, you can find references for CVE-2023-25303 at the following links: [GitHub Advisory](https://github.com/ATLauncher/ATLauncher/security/advisories/GHSA-7cff-8xv4-mvx6) and [QuiltMC Blog](https://quiltmc.org/en/blog/2023-02-04-five-installer-vulnerabilities/).
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/author
- agent/description
- agent/first-publish-date
- agent/last-modified-date
- agent/source
- agent/event
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/atlauncher
- canonical/epic games launcher