5

CVSS Score

Basic Information

CVE ID

CVE-2023-35887

GHSA ID

GHSA-mjmq-gwgm-5qhm

EPSS Score

CWE

CWE-22

Published

7/10/2023

Updated

12/7/2023

KEV Status

Technology

Java

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2023-35887

CVE-2023-35887:
Apache MINA SSHD information disclosure vulnerability

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache MINA.

In SFTP servers implemented using Apache MINA SSHD that use a RootedFileSystem, logged users may be able to discover "exists/does not exist" information about items outside the rooted tree via paths including parent navigation ("..") beyond the root, or involving symlinks.

This issue affects Apache MINA: from 1.0 before 2.9.3 Users are recommended to upgrade to 2.9.3

Until version 2.1.0, some of the code affected by this vulnerability appeared in org.apache.sshd:sshd-core. Version 2.1.0 contains a commit where the code was moved to the package org.apache.sshd:sshd-common, which did not exist until version 2.1.0.

(GitHub Advisory)

5

CVSS Score

Basic Information

CVE ID

CVE-2023-35887

GHSA ID

GHSA-mjmq-gwgm-5qhm

EPSS Score

CWE

CWE-22

Published

7/10/2023

Updated

12/7/2023

KEV Status

Technology

Java

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
org.apache.sshd:sshd-core	maven	>= 1.0.0, < 2.1.0	2.1.0
org.apache.sshd:sshd-common	maven	>= 2.1.0, < 2.9.3	2.9.3
org.apache.sshd:sshd-sftp	maven	>= 1.0.0, < 2.9.3	2.9.3

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from improper path validation in RootedFileSystemProvider. Key issues included: 1) resolveLocalPath didn't properly normalize paths against the root, allowing traversal. 2) createSymbolicLink didn't validate symlink targets. 3) Directory stream handling leaked absolute paths. The commit adds chroot path normalization, symlink validation, and secure directory stream wrappers to contain paths within the root. The affected functions are clearly identified in the diff through security-critical changes like IoUtils.chroot calls and validateSafeRelativeSymlink checks.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

*xposur* o* S*nsitiv* In*orm*tion to *n Un*ut*oriz** **tor vuln*r**ility in *p**** So*tw*r* *oun**tion *p**** MIN*. In S*TP s*rv*rs impl*m*nt** usin* *p**** MIN* SS** t**t us* * Root***il*Syst*m, lo**** us*rs m*y ** **l* to *is*ov*r "*xists/*o*s not

Reasoning

T** vuln*r**ility st*ms *rom improp*r p*t* v*li**tion in Root***il*Syst*mProvi**r. K*y issu*s in*lu***: *) r*solv*Lo**lP*t* *i*n't prop*rly norm*liz* p*t*s ***inst t** root, *llowin* tr*v*rs*l. *) *r**t*Sym*oli*Link *i*n't v*li**t* symlink t*r**ts. *

5

Basic Information

Concerned about an active attack path?

CVE-2023-35887: Apache MINA SSHD information disclosure vulnerability

5

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

CVE-2023-35887:
Apache MINA SSHD information disclosure vulnerability

Vulnerability Intelligence
Miggo AI