CVE-2023-37474
Published 2023-07-14
Priority: P2 · 71 · high · 7.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EXPLOIT
EPSS: 42.83% (98.5th percentile)
Copyparty is a portable file server. Versions prior to 1.8.2 are subject to a path traversal vulnerability detected in the `.cpr` subfolder. The Path Traversal attack technique allows an attacker access to files, directories, and commands that reside outside the web document root directory. This issue has been addressed in commit `043e3c7d` which has been included in release 1.8.2. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| 9001 | copyparty | < 1.8.2 | 1.8.2 |
| 9001 | copyparty | >= 0 < 1.8.2 | 1.8.2 |
| 9001 | copyparty | >= 0 < 043e3c7dd683113e2b1c15cacb9c8e68f76513ff | 043e3c7dd683113e2b1c15cacb9c8e68f76513ff |
Detection & IOCs
- Look for HTTP GET requests targeting the `.cpr` subfolder with URL-encoded path traversal sequences (e.g., %2F) in the request path, which indicates exploitation of CVE-2023-37474.
- A successful exploit response will return HTTP 200 with content matching the pattern `root:[x*]:0:0`, indicating /etc/passwd was read from the server.
- Use Shodan or FOFA to identify exposed Copyparty instances via their page title for proactive asset discovery.
- The vulnerability is unauthenticated (PR:N) and network-exploitable (AV:N), so no credentials are required to exploit it.
- The vulnerability affects Copyparty versions strictly prior to 1.8.2; the fix was introduced in commit 043e3c7d included in release 1.8.2.
- There are no known workarounds; upgrading to 1.8.2 or later is the only remediation.
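The first two detection points above can be applied to web access logs. The following is an added example, not code from copyparty or from any of the sources indexed on this page; it assumes Common Log Format lines (for instance from a reverse proxy in front of copyparty), and the sample lines, addresses and the `browser.css` asset name are constructed. Access logs do not contain response bodies, so a 200 status is treated only as a strong hint that the read succeeded.

```python
import re
from urllib.parse import unquote

# Constructed sample lines in Common Log Format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [15/Jul/2023:10:01:02 +0000] "GET /.cpr/%2Fetc%2Fpasswd HTTP/1.1" 200 1843
203.0.113.9 - - [15/Jul/2023:10:01:05 +0000] "GET /.cpr/%2fetc%2fpasswd HTTP/1.1" 404 0
198.51.100.4 - - [15/Jul/2023:10:02:11 +0000] "GET /.cpr/browser.css?_=abc HTTP/1.1" 200 5120
198.51.100.4 - - [15/Jul/2023:10:02:12 +0000] "GET /music/a%2Fb.txt HTTP/1.1" 200 77
"""

# Assumed field layout: ip ident user [time] "METHOD target proto" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
ENC_SEP = re.compile(r"%(?:2f|5c)", re.IGNORECASE)  # encoded / or \
PREFIX = "/.cpr/"


def classify(line):
    """Return a finding dict for a suspicious /.cpr/ request, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    path = m["target"].split("?", 1)[0]
    if not path.startswith(PREFIX):
        return None
    rest = path[len(PREFIX):]
    decoded = unquote(rest)
    suspicious = (
        bool(ENC_SEP.search(rest))               # encoded separator under .cpr
        or decoded.startswith(("/", "\\"))       # decodes to an absolute path
        or ".." in re.split(r"[/\\]", decoded)   # parent-directory segment
    )
    if not suspicious:
        return None
    verdict = "likely-read" if m["status"] == "200" else "attempt"
    return {"ip": m["ip"], "path": path,
            "status": int(m["status"]), "verdict": verdict}


def scan(text):
    """Classify every line and keep only the findings."""
    return [hit for hit in map(classify, text.splitlines()) if hit]
```

Findings marked `likely-read` should be followed up by checking which file the decoded path points to and whether the copyparty account could read it.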
CVSS provenance
nvd · v3.1 · 7.5 · HIGH · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd · v3.0 · 7.5 · HIGH · CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
GHSA
copyparty vulnerable to path traversal attack
ghsa·2023-07-14
CVE-2023-37474 [HIGH] CWE-22 copyparty vulnerable to path traversal attack
# Summary
All versions before 1.8.2 have a path traversal vulnerability, allowing an attacker to download unintended files from the server.
# Details
Unauthenticated users were able to retrieve any files which are accessible (according to OS-level permissions) from the copyparty process. Usually, this is all files that are readable by the OS account which is used to run copyparty.
The vulnerability did not make it possible to list the contents of folders, so an attacker needs to know the full absolute path to the file, or the relative path from where copyparty is installed.
Some methods of running copyparty ([prisonparty](https://github.com/9001/copyparty/tree/hovudstraum/bin#prisonpartysh), the [nix package](https://github.com/9001/copypar
OSV
CVE-2023-37474: Copyparty is a portable file server
osv·2023-07-14
OSV
copyparty vulnerable to path traversal attack
osv·2023-07-14
CVE-2023-37474 [HIGH] copyparty vulnerable to path traversal attack
No detection rules found.
Exploit-DB
copyparty 1.8.2 - Directory Traversal
exploitdb·2023-07-28·CVSS 7.5
CVE-2023-37474 [HIGH] copyparty 1.8.2 - Directory Traversal
---
# Exploit Title: copyparty 1.8.2 - Directory Traversal
# Date: 14/07/2023
# Exploit Author: Vartamtzidis Theodoros (@TheHackyDog)
# Vendor Homepage: https://github.com/9001/copyparty/
# Software Link: https://github.com/9001/copyparty/releases/tag/v1.8.2
# Version: <=1.8.2
# Tested on: Debian Linux
# CVE : CVE-2023-37474
#Description
Copyparty is a portable file server. Versions prior to 1.8.2 are subject to a path traversal vulnerability detected in the `.cpr` subfolder. The Path Traversal attack technique allows an attacker access to files, directories, and commands that reside outside the web document root directory.
#POC
curl -i -s -k -X GET 'http://127.0.0.1:3923/.cpr/%2Fetc%2Fpasswd'
Nuclei
Copyparty <= 1.8.2 - Directory Traversal
nuclei·CVSS 7.5
CVE-2023-37474 [HIGH] Copyparty <= 1.8.2 - Directory Traversal
Template:
id: CVE-2023-37474
info:
  name: Copyparty <= 1.8.2 - Directory Traversal
  author: shankar acharya,theamanrawat
  severity: high
  description: |
    Copyparty is a portable file server. Versions prior to 1.8.2 are subject to a path traversal vulnerability detected in the `.cpr` subfol
No writeups or analysis indexed.
- http://packetstormsecurity.com/files/173822/Copyparty-1.8.2-Directory-Traversal.html
- https://github.com/9001/copyparty/commit/043e3c7dd683113e2b1c15cacb9c8e68f76513ff
- https://github.com/9001/copyparty/security/advisories/GHSA-pxfv-7rr3-2qjg
Published 2023-07-14