CVE-2023-29586

Published: Apr 19, 2023Modified: Feb 5, 2025

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

Code Sector TeraCopy 3.9.7 does not perform proper access validation on the source folder during a copy operation. This leads to Arbitrary File Read by allowing any user to copy any directory in the system to a directory they control. NOTE: the Supplier disputes this because only admin users can copy arbitrary folders, and because the 143984 reference is about a different concern (unrelated to directory copying) that was fixed in 3.5b.

Affected (1)

Products: Codesector: Teracopy

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Codesector Teracopy	Version 3.9.7

Related CWEs

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (6)

https://packetstormsecurity.com/files/143984/TeraCopyService-3.1-Unquoted-Service-Path-Privilege-Escalation.html

Source: cve@mitre.org

Not Applicable

https://securityandstuff.com/posts/teracopy_arbitrary_read/

Source: cve@mitre.org

Broken Link

https://support.codesector.com/en/articles/10088479-cve-2023-29586

Source: cve@mitre.org

https://www.youtube.com/watch?v=mrOHtWWFhJI

Source: cve@mitre.org

https://packetstormsecurity.com/files/143984/TeraCopyService-3.1-Unquoted-Service-Path-Privilege-Escalation.html

Source: af854a3a-2127-422b-91ae-364da2661108

Not Applicable

https://securityandstuff.com/posts/teracopy_arbitrary_read/

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

Timeline

No history available yet.