CVE-2019-5429

Untrusted search path in FileZilla before 3.41.0-rc1 allows an attacker to gain privileges via a malicious 'fzsftp' binary in the user's home directory.

Published: Apr 29, 2019
Updated: Apr 13, 2023
CVE: CVE-2019-5429
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

CWE-426

Affected Software
References

Software	From	Fixed in
filezilla-project / filezilla_client	-	3.41.0
debian / debian_linux	9.0	9.0.x
fedoraproject / fedora	28	28.x

https://lists.debian.org/debian-lts-announce/2022/05/msg00037.html
https://lists.fedoraproject.org/archives/list/[email protected]/message/R7WUJWTJA55ILACKLTJFSQUYEBHVYENL/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R7WUJWTJA55ILACKLTJFSQUYEBHVYENL/
https://security.gentoo.org/glsa/202007-51
https://svn.filezilla-project.org/filezilla?view=revision&revision=9112
https://www.tenable.com/security/research/tra-2019-14

Vulnerability Database

289,599

CVE-2019-5429