CyberSec.Space Logo
CVEブラウザに戻る

CVE-2020-37041

HIGH
7.5
CVSS Severity Score
EPSS Score0.0600%
EPSS Percentile3.02th
Published2026年1月30日
Last Modified2026年2月13日

Vulnerability Description

OpenCTI 3.3.1 is vulnerable to a directory traversal attack via the static/css endpoint. An unauthenticated attacker can read arbitrary files from the filesystem by sending crafted GET requests with path traversal sequences (e.g., '../') in the URL. For example, requesting /static/css//../../../../../../../../etc/passwd returns the contents of /etc/passwd. This vulnerability was discovered by Raif Berkay Dincel and confirmed on Linux Mint and Windows 10.

Affected Platforms (CPE)

📦
Citeum

Opencti

= 3.3.1

References & Advisories

🔗 https://github.com/OpenCTI-Platform/opencti
🔗 https://www.exploit-db.com/exploits/48595
🔗 https://www.opencti.io/
🔗 https://www.vulncheck.com/advisories/opencti-directory-traversal

関連する脆弱性情報

CVE-2020-370445.4

OpenCTI 3.3.1 is vulnerable to a reflected cross-site scripting (XSS) attack via the /graphql endpoint. An attacker can inject arb...

CVE-2020-079610.0

A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles cer...

CVE-2020-195310.0

Apache Commons Configuration uses a third-party library to parse YAML files which by default allows the instantiation of classes i...

CVE-2020-1249310.0

An open port used for debugging in SWARCOs CPU LS4000 Series with versions starting with G4... grants root access to the device wi...