CVE-2023-6130
Published 2023-11-14
CVE-2023-6130: Path Traversal: '\..\filename' in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2.
Priority: P343 · Severity: high · CVSS 3.1 base score: 8.8
CVSS 3.1 vector: AV:N / AC:L / PR:L / UI:N / S:U / C:H / I:H / A:H
EPSS: 0.96% (57.2th percentile)
Path Traversal: '\..\filename' in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2.
Affected (13 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| linux | linux_kernel | >= 3.12.0 < 4.14.316 | 4.14.316 |
| linux | linux_kernel | >= 4.15.0 < 4.19.284 | 4.19.284 |
| linux | linux_kernel | >= 4.20.0 < 5.4.244 | 5.4.244 |
| linux | linux_kernel | >= 5.11.0 < 5.15.113 | 5.15.113 |
| linux | linux_kernel | >= 5.16.0 < 6.1.30 | 6.1.30 |
| linux | linux_kernel | >= 5.5.0 < 5.10.181 | 5.10.181 |
| linux | linux_kernel | >= 6.2.0 < 6.3.4 | 6.3.4 |
| salesagility | salesagility_suitecrm | >= unspecified < 7.14.2, 7.12.14, 8.4.2 | 7.14.2, 7.12.14, 8.4.2 |
| salesagility | suitecrm | < 7.12.14 | 7.12.14 |
| salesagility | suitecrm | — | — |
| salesagility | suitecrm | — | — |
| salesagility | suitecrm | — | — |
| salesagility | suitecrm | — | — |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v3.0 | 7.5 | HIGH | CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
| vendor_redhat | — | 4.7 | MEDIUM | — |
OSV
CVE-2023-53853: netlink: annotate accesses to nlk->cb_running (osv · 2025-12-09)
In the Linux kernel, the following vulnerability has been resolved:
netlink: annotate accesses to nlk->cb_running
Both netlink_recvmsg() and netlink_native_seq_show() read nlk->cb_running locklessly. Use READ_ONCE() there.
Add corresponding WRITE_ONCE() to netlink_dump() and __netlink_dump_start().
syzbot reported:
BUG: KCSAN: data-race in __netlink_dump_start / netlink_recvmsg
write to 0xffff88813ea4db59 of 1 bytes by task 28219 on cpu 0:
__netlink_dump_start+0x3af/0x4d0 net/netlink/af_netlink.c:2399
netlink_dump_start include/linux/netlink.h:308 [inline]
rtnetlink_rcv_msg+0x70f/0x8c0 net/core/rtnetlink.c:6130
netlink_rcv_skb+0x126/0x220 net/netlink/af_netlink.c:2577
rtnetlink_rcv+0x1c/0x20 net/core/rtnetlink.c:6192
netlink_unicast_kernel
GHSA
GHSA-v83h-65mx-qff4 (ghsa_unreviewed · 2023-11-14): CVE-2023-6130 [HIGH] CWE-29
Path Traversal: '\..\filename' in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2.
No detection rules found.
No public exploits indexed.
References
https://github.com/salesagility/suitecrm/commit/54bc56c3bd9f1db75408db1c1d7d652c3f5f71e9
https://huntr.com/bounties/22a27be9-f016-4daf-9887-c77eb3e1dc74
Published: 2023-11-14