cbcvebase.
CVE-2023-35844
published 2023-06-19

Priority P2 · 76 · high · 7.5 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:N / A:N
ITW · EXPLOIT · VulnCheck KEV
Exploited in the wild
EPSS: 6.34% (92.8th percentile)
packages/backend/src/routers in Lightdash before 0.510.3 has insecure file endpoints, e.g., they allow .. directory traversal and do not ensure that an intended file extension (.csv or .png) is used.

Affected

1 range
Vendor: lightdash · Product: lightdash · Version range: < 0.510.3 · Fixed in: 0.510.3

Detection & IOCs (extracted from sources)

url: /api/v1/slack/image/slack-image%2F..%2F..%2F..%2Fetc%2Fpasswd
path: /api/v1/slack/image/
  • Look for HTTP GET requests to /api/v1/slack/image/ containing URL-encoded path traversal sequences (%2F..) targeting files outside the intended directory (e.g., /etc/passwd).
  • Successful exploitation returns HTTP 200 with content matching root:[x*]:0:0, indicating arbitrary file read of /etc/passwd.
  • The vulnerable endpoint does not enforce intended file extensions (.csv or .png), so requests lacking these extensions but traversing directories should be flagged.
  • Use Shodan/FOFA queries to identify exposed Lightdash instances: title:"Lightdash" or title="lightdash".
  • The vulnerability is unauthenticated (PR:N), meaning no credentials are required to exploit the path traversal endpoint.
  • Affected versions are Lightdash <= 0.510.3; the fix was introduced in 0.510.3 via commit fcc808c84c2cc3afb343063e32a49440d32a553c.
  • EPSS score is extremely high (0.92336, 99.7th percentile), indicating active exploitation in the wild is very likely.
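As an added detection example (not part of this record and not Lightdash's code), the Python below scans access-log lines for the pattern the bullets describe: a decoded ".." segment under /api/v1/slack/image/, a file name that is not .csv/.png, and whether the response was HTTP 200. The log format, client addresses and sample lines are constructed for the example.

```python
import re
from urllib.parse import unquote

# Added example, not Lightdash code; log format and sample lines are constructed.
ENDPOINT = "/api/v1/slack/image/"
EXPECTED_EXTENSIONS = (".csv", ".png")  # intended file types per the advisory
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')

def normalize_path(raw):
    """Drop the query string and URL-decode until stable, so %2F/%252F layers cannot hide '..'."""
    path = raw.split("?", 1)[0]
    while (decoded := unquote(path)) != path:
        path = decoded
    return path

def inspect_request(method, raw_path, status):
    """Return why a request looks like CVE-2023-35844 abuse ([] if benign)."""
    path = normalize_path(raw_path)
    if method != "GET" or not path.startswith(ENDPOINT):
        return []
    tail = path[len(ENDPOINT):]
    reasons = []
    if ".." in re.split(r"[\\/]+", tail):  # a '..' segment leaves the image directory
        reasons.append("directory traversal segment")
    if not tail.lower().endswith(EXPECTED_EXTENSIONS):
        reasons.append("extension is not .csv/.png")
    if reasons and status == "200":
        reasons.append("served with HTTP 200 (probable successful read)")
    return reasons

def scan_log(lines):
    """Return (client, decoded_path, reasons) for every flagged access-log line."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            client, method, raw_path, status = m.groups()
            reasons = inspect_request(method, raw_path, status)
            if reasons:
                findings.append((client, normalize_path(raw_path), reasons))
    return findings

# Constructed sample: benign chart fetch, the IOC traversal URL (served 200),
# a blocked variant (404), and an unrelated endpoint.
SAMPLE_LOG = [
    '10.0.0.5 - - [19/Jun/2023:10:00:01 +0000] "GET /api/v1/slack/image/slack-image%2Fchart.png HTTP/1.1" 200 512',
    '203.0.113.9 - - [19/Jun/2023:10:00:02 +0000] "GET /api/v1/slack/image/slack-image%2F..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 1837',
    '203.0.113.9 - - [19/Jun/2023:10:00:03 +0000] "GET /api/v1/slack/image/slack-image%2F..%2F..%2Fetc%2Fhostname HTTP/1.1" 404 0',
    '10.0.0.7 - - [19/Jun/2023:10:00:04 +0000] "GET /api/v1/org HTTP/1.1" 200 90',
]
```

Running `scan_log(SAMPLE_LOG)` flags only the two 203.0.113.9 requests; the benign .png fetch and the unrelated endpoint produce no findings.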

CVSS provenance

nvd: v3.1 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
vulncheck: 7.5 HIGH