How severe is CVE-2023-31131?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.1 out of 10.

What type of vulnerability is CVE-2023-31131?

This is classified as CWE-22, which is a common weakness in software security.

CVE-2023-31131 - CRITICAL Severity | CVSS 9.1

Vulnerability Description

Greenplum Database (GPDB) is an open source data warehouse based on PostgreSQL. In versions prior to 6.22.3 Greenplum Database used an unsafe methods to extract tar files within GPPKGs. greenplum-db is vulnerable to path traversal leading to arbitrary file writes. An attacker can use this vulnerability to overwrite data or system files potentially leading to crash or malfunction of the system. Any files which are accessible to the running process are at risk. All users are requested to upgrade to Greenplum Database version 6.23.2 or higher. There are no known workarounds for this vulnerability.

Related Vulnerabilities

CVE-2012-6664

CRITICAL

CVSS:9.1(Critical)

Multiple directory traversal vulnerabilities in the TFTP Server in Distinct Intranet Servers 3.10 and earlier allow remote attackers to read or write arbitrary files via a .. (dot dot) in the (1) get ...

CWE-222012

CVE-2014-10390

CRITICAL

CVSS:9.1(Critical)

The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has directory traversal.

CWE-222014

CVE-2014-3702

CRITICAL

CVSS:9.1(Critical)

Directory traversal vulnerability in eNovance eDeploy allows remote attackers to create arbitrary directories and files and consequently cause a denial of service (resource consumption) via a .. (dot ...

CWE-222014

CVE-2015-4068

CRITICAL

CVSS:9.1(Critical)

Directory traversal vulnerability in Arcserve UDP before 5.0 Update 4 allows remote attackers to obtain sensitive information or cause a denial of service via a crafted file path to the (1) reportFile...

CWE-222015

CVE-2015-5609

CRITICAL

CVSS:9.1(Critical)

Absolute path traversal vulnerability in the Image Export plugin 1.1 for WordPress allows remote attackers to read and delete arbitrary files via a full pathname in the file parameter to download.php.

CWE-222015

CVE-2015-9277

CRITICAL

CVSS:9.1(Critical)

MailEnable before 8.60 allows Directory Traversal for reading the messages of other users, uploading files, and deleting files because "/../" and "/.. /" are mishandled.

CWE-222015