CVE-2025-58753

Medium CVSS: 5.3

Copyparty is a portable file server. In versions prior to 1.19.8, there was a missing permission-check in the shares feature (the `shr` global-option). When a share was created for just one file inside a folder, it was possible to access the other files inside that folder by guessing the filenames. It was not possible to descend into subdirectories in this manner; only the sibling files were accessible. This issue did not affect filekeys or dirkeys. Version 1.19.8 fixes the issue.

Vendor

9001

Product

Copyparty

CWE

CWE-552

Yayın Tarihi

2025-09-09 20:15:49

Güncelleme

2025-09-18 17:35:49

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-552 Copyparty MEDIUM 9001 2025

Referanslar

https://github.com/9001/copyparty/commit/e0a92ba72d46074209a9c304eb2a01ca0429e60c https://github.com/9001/copyparty/releases/tag/v1.19.8 https://github.com/9001/copyparty/security/advisories/GHSA-pxvw-4w88-6x95

Benzer Kayıtlar

Low

CVE-2026-32108

Copyparty is a portable file server. Prior to 1.20.12, there was a missing permission-check in the shares feature (the s…

Low

CVE-2026-32109

Copyparty is a portable file server. Prior to 1.20.12, if an attacker has been given both read- and write-permissions to…

Medium

CVE-2026-30974

Copyparty is a portable file server. Prior to v1.20.11., the nohtml config option, intended to prevent execution of Java…

Medium

CVE-2026-27948

Copyparty is a portable file server. In versions prior to 1.20.9, an XSS allows for reflected cross-site scripting via U…

High

CVE-2023-41471

Cross Site Scripting vulnerability in copyparty before 1.9.2 allows a local attacker to execute arbitrary code via a cra…

High

CVE-2025-54796

Copyparty is a portable file server. Versions prior to 1.18.9, the filter parameter for the "Recent Uploads" page allows…