Arbitrary File Read in Snyk Broker
Moderate severity
GitHub Reviewed
Published
Jun 3, 2020
to the GitHub Advisory Database
•
Updated Feb 1, 2023
Description
Published by the National Vulnerability Database
May 29, 2020
Reviewed
Jun 1, 2020
Published to the GitHub Advisory Database
Jun 3, 2020
Last updated
Feb 1, 2023
All versions of snyk-broker before 4.80.0 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users with access to Snyk's internal network by creating symlinks to match whitelisted paths.
References