CVE-2023-36827

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Jul 5, 2023

Updated: Jul 12, 2023

CWE ID 22

Summary

CVE-2023-36827 is a path traversal vulnerability affecting versions of Fides, an open-source privacy engineering platform, below 2.15.1. This issue allows remote attackers to access arbitrary files on the fides webserver container's filesystem. The vulnerability can be mitigated if the Fides webserver API is deployed behind an AWS application load balancer, as the load balancer will reject such attacks with a 400 error. Furthermore, secrets supplied to the container through environment variables instead of a `fides.toml` configuration file remain unaffected.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Ethyca Fides

Affected Vendors

Ethyca

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/rzcbJC
https://www.cve.org/CVERecord?id=CVE-2023-36827
https://nvd.nist.gov/vuln/detail/CVE-2023-36827

Back to Vulnerability Database