Skip to main content

Flarum CVE-2023-27577

MEDIUM
Path Traversal (CWE-22)
2023-03-10 security-advisories@github.com
4.9
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
4.9 MEDIUM
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Mar 10, 2023 - 21:15 nvd
MEDIUM 4.9

DescriptionNVD

flarum is a forum software package for building communities. In versions prior to 1.7.0 an admin account which has already been compromised by an attacker may use a vulnerability in the LESS parser which can be exploited to read sensitive files on the server through the use of path traversal techniques. An attacker can achieve this by providing an absolute path to a sensitive file in the custom LESS setting, which the LESS parser will then read. For example, an attacker could use the following code to read the contents of the /etc/passwd file on a linux machine. The scope of what files are vulnerable will depend on the permissions given to the running flarum process. The vulnerability has been addressed in version 1.7. Users should upgrade to this version to mitigate the vulnerability. Users unable to upgrade may mitigate the vulnerability by ensuring that their admin accounts are secured with strong passwords and follow other best practices for account security. Additionally, users can limit the exposure of sensitive files on the server by implementing appropriate file permissions and access controls at the operating system level.

AnalysisAI

flarum is a forum software package for building communities. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Technical ContextAI

This vulnerability is classified as Path Traversal (CWE-22), which allows attackers to access files and directories outside the intended path. flarum is a forum software package for building communities. In versions prior to 1.7.0 an admin account which has already been compromised by an attacker may use a vulnerability in the LESS parser which can be exploited to read sensitive files on the server through the use of path traversal techniques. An attacker can achieve this by providing an absolute path to a sensitive file in the custom LESS setting, which the LESS parser will then read. For example, an attacker could use the following code to read the contents of the /etc/passwd file on a linux machine. The scope of what files are vulnerable will depend on the permissions given to the running flarum process. The vulnerability has been addressed in version 1.7. Users should upgrade to this version to mitigate the vulnerability. Users unable to upgrade may mitigate the vulnerability by ensuring that their admin accounts are secured with strong passwords and follow other best practices for account security. Additionally, users can limit the exposure of sensitive files on the server by implementing appropriate file permissions and access controls at the operating system level. Affected products include: Flarum. Version information: prior to 1.7.0.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Validate and canonicalize file paths. Use chroot or sandboxing. Reject input containing path separators or '../' sequences.

More in Flarum

View all
CVE-2024-21641 MEDIUM POC
6.5 Jan 05

Flarum is open source discussion platform software. Rated medium severity (CVSS 6.5), this vulnerability is remotely exp

CVE-2021-32671 CRITICAL
10.0 Jun 07

Flarum is a forum software for building communities. Rated critical severity (CVSS 10.0), this vulnerability is remotely

CVE-2019-13183 HIGH
8.8 Jul 07

Flarum before 0.1.0-beta.9 allows CSRF against all POST endpoints, as demonstrated by changing admin settings. Rated hig

CVE-2023-22487 MEDIUM POC
4.3 Jan 11

Flarum is a forum software for building communities. Rated medium severity (CVSS 4.3), this vulnerability is remotely ex

CVE-2019-11514 HIGH
7.5 Apr 25

User/Command/ConfirmEmailHandler.php in Flarum before 0.1.0-beta.8 mishandles invalidation of user email tokens. Rated h

CVE-2023-40033 HIGH
7.1 Aug 16

Flarum is an open source forum software. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low

CVE-2025-27794 MEDIUM
6.8 Mar 12

Flarum is open-source forum software. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no a

CVE-2023-22488 MEDIUM
5.4 Jan 12

Flarum is a forum software for building communities. Rated medium severity (CVSS 5.4), this vulnerability is remotely ex

CVE-2022-41938 MEDIUM
5.4 Nov 19

Flarum is an open source discussion platform. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitab

CVE-2018-19133 MEDIUM
5.3 Nov 09

In Flarum Core 0.1.0-beta.7.1, a serious leak can get everyone's email address. Rated medium severity (CVSS 5.3), this v

CVE-2023-22489 LOW
3.5 Jan 13

Flarum is a discussion platform for websites. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable,

Share

CVE-2023-27577 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy