CVE-2023-29586

Published: Apr 19, 2023

Modified: Feb 5, 2025

PUBLISHED

Description

Code Sector TeraCopy 3.9.7 does not perform proper access validation on the source folder during a copy operation. This leads to Arbitrary File Read by allowing any user to copy any directory in the system to a directory they control. NOTE: the Supplier disputes this because only admin users can copy arbitrary folders, and because the 143984 reference is about a different concern (unrelated to directory copying) that was fixed in 3.5b.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://packetstormsecurity.com/files/143984/TeraCopyService-3.1-Unquoted-Service-Path-Privilege-Escalation.html

https://securityandstuff.com/posts/teracopy_arbitrary_read/

https://support.codesector.com/en/articles/10088479-cve-2023-29586

https://www.youtube.com/watch?v=mrOHtWWFhJI

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2023-29586

Description

Affected Products

References