CVE-2023-31046: Path Traversal
First published: Thu Oct 19 2023(Updated: )
A Path Traversal vulnerability exists in PaperCut NG before 22.1.1 and PaperCut MF before 22.1.1. Under specific conditions, this could potentially allow an authenticated attacker to achieve read-only access to the server's filesystem, because requests beginning with "GET /ui/static/..//.." reach getStaticContent in UIContentResource.class in the static-content-files servlet.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Papercut Papercut Mf | <22.1.1 | |
| Papercut Papercut Ng | <22.1.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the CVE ID for this vulnerability?
The CVE ID for this vulnerability is CVE-2023-31046.
What is the severity of CVE-2023-31046?
The severity of CVE-2023-31046 is medium.
What is the affected software for CVE-2023-31046?
The affected software for CVE-2023-31046 is PaperCut NG before 22.1.1 and PaperCut MF before 22.1.1.
How does CVE-2023-31046 work?
CVE-2023-31046 is a Path Traversal vulnerability that allows an authenticated attacker to achieve read-only access to the server's filesystem under specific conditions.
How can I fix CVE-2023-31046?
To fix CVE-2023-31046, update to PaperCut NG version 22.1.1 or later, or PaperCut MF version 22.1.1 or later.
- collector/nvd-index
- collector/nvd-api
- agent/references
- agent/severity
- agent/author
- agent/first-publish-date
- agent/last-modified-date
- agent/softwarecombine
- agent/type
- agent/description
- agent/event
- agent/weakness
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/papercut
- canonical/papercut papercut mf
- canonical/papercut papercut ng