Arbitrary File Access Vulnerability in NocoDB

Arbitrary File Access Vulnerability in NocoDB

CVE-2023-35843 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

NocoDB through 0.106.0 (or 0.109.1) has a path traversal vulnerability that allows an unauthenticated attacker to access arbitrary files on the server by manipulating the path parameter of the /download route. This vulnerability could allow an attacker to access sensitive files and data on the server, including configuration files, source code, and other sensitive information.

Learn more about our Cis Benchmark Audit For Server Software.