CVE-2023-29586

Code Sector TeraCopy 3.9.7 does not perform proper access validation on the source folder during a copy operation. This leads to Arbitrary File Read by allowing any user to copy any directory in the system to a directory they control. NOTE: the Supplier disputes this because only admin users can copy arbitrary folders, and because the 143984 reference is about a different concern (unrelated to directory copying) that was fixed in 3.5b.
Configurations

Configuration 1 (hide)

cpe:2.3:a:codesector:teracopy:3.9.7:*:*:*:*:*:*:*

History

05 Feb 2025, 16:15

Type Values Removed Values Added
CWE CWE-284

Information

Published : 2023-04-19 15:15

Updated : 2025-02-05 16:15


NVD link : CVE-2023-29586

Mitre link : CVE-2023-29586

CVE.ORG link : CVE-2023-29586


JSON object : View

Products Affected

codesector

  • teracopy
CWE
NVD-CWE-noinfo CWE-284

Improper Access Control