.. / CVE-2023-35843

Exploit for NocoDB version <= 0.106.1 - Arbitrary File Read (CVE-2023-35843)

Description:

NocoDB through 0.106.1 has a path traversal vulnerability that allows an unauthenticated attacker to access arbitrary files on the server by manipulating the path parameter of the /download route. This vulnerability could allow an attacker to access sensitive files and data on the server, including configuration files, source code, and other sensitive information.

Nuclei Template

View the template here CVE-2023-35843.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2023/CVE-2023-35843.yaml
Copy

References:

https://github.com/nocodb/nocodb/blob/6decfa2b20c28db9946bddce0bcb1442b683ecae/packages/nocodb/src/lib/controllers/attachment.ctl.ts#L62-L74
https://github.com/0x783kb/Security-operation-book
https://github.com/nocodb/nocodb/blob/f7ee7e3beb91d313a159895d1edc1aba9d91b0bc/packages/nocodb/src/controllers/attachments.controller.ts#L55-L66
https://nvd.nist.gov/vuln/detail/CVE-2023-35843
https://advisory.dw1.io/60