{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-31817", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-09T17:41:56.075Z", "datePublished": "2026-03-10T21:08:53.873Z", "dateUpdated": "2026-03-11T15:19:29.025Z"}, "containers": {"cna": {"title": "OliveTin's unsafe parsing of UniqueTrackingId can be used to write files", "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "lang": "en", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:L", "version": "3.1"}}], "references": [{"name": "https://github.com/OliveTin/OliveTin/security/advisories/GHSA-364q-w7vh-vhpc", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/OliveTin/OliveTin/security/advisories/GHSA-364q-w7vh-vhpc"}], "affected": [{"vendor": "OliveTin", "product": "OliveTin", "versions": [{"version": "< 3000.11.2", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-11T00:09:56.386Z"}, "descriptions": [{"lang": "en", "value": "OliveTin gives access to predefined shell commands from a web interface. Prior to 3000.11.2, when the saveLogs feature is enabled, OliveTin persists execution log entries to disk. The filename used for these log files is constructed in part from the user-supplied UniqueTrackingId field in the StartAction API request. This value is not validated or sanitized before being used in a file path, allowing an attacker to use directory traversal sequences (e.g., ../../../) to write files to arbitrary locations on the filesystem. This vulnerability is fixed in 3000.11.2."}], "source": {"advisory": "GHSA-364q-w7vh-vhpc", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-31817", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-11T15:10:48.955922Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-11T15:19:29.025Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"cna": {"title": "OliveTin has unsafe parsing of UniqueTrackingId can be used to write files", "source": {"advisory": "GHSA-364q-w7vh-vhpc", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "OliveTin", "product": "OliveTin", "versions": [{"status": "affected", "version": "< 3000.11.2"}]}], "references": [{"url": "https://github.com/OliveTin/OliveTin/security/advisories/GHSA-364q-w7vh-vhpc", "name": "https://github.com/OliveTin/OliveTin/security/advisories/GHSA-364q-w7vh-vhpc", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "OliveTin gives access to predefined shell commands from a web interface. Prior to 3000.11.2, when the saveLogs feature is enabled, OliveTin persists execution log entries to disk. The filename used for these log files is constructed in part from the user-supplied UniqueTrackingId field in the StartAction API request. This value is not validated or sanitized before being used in a file path, allowing an attacker to use directory traversal sequences (e.g., ../../../) to write files to arbitrary locations on the filesystem. This vulnerability is fixed in 3000.11.2."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-10T21:08:53.873Z"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-31817", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-11T15:10:48.955922Z"}}}], "providerMetadata": {"shortName": "CISA-ADP", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "dateUpdated": "2026-03-11T15:10:53.190Z"}}]}, "cveMetadata": {"cveId": "CVE-2026-31817", "state": "PUBLISHED", "dateUpdated": "2026-03-10T21:08:53.873Z", "dateReserved": "2026-03-09T17:41:56.075Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-10T21:08:53.873Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "OliveTin gives access to predefined shell commands from a web interface. Prior to 3000.11.2, when the saveLogs feature is enabled, OliveTin persists execution log entries to disk. The filename used for these log files is constructed in part from the user-supplied UniqueTrackingId field in the StartAction API request. This value is not validated or sanitized before being used in a file path, allowing an attacker to use directory traversal sequences (e.g., ../../../) to write files to arbitrary locations on the filesystem. This vulnerability is fixed in 3000.11.2."}, {"lang": "es", "value": "OliveTin da acceso a comandos shell predefinidos desde una interfaz web. Antes de la versi\u00f3n 3000.11.2, cuando la funci\u00f3n saveLogs est\u00e1 habilitada, OliveTin persiste las entradas del registro de ejecuci\u00f3n en el disco. El nombre de archivo utilizado para estos archivos de registro se construye en parte a partir del campo UniqueTrackingId proporcionado por el usuario en la solicitud de la API StartAction. Este valor no se valida ni se sanea antes de ser utilizado en una ruta de archivo, lo que permite a un atacante utilizar secuencias de salto de directorio (por ejemplo, ../../../) para escribir archivos en ubicaciones arbitrarias del sistema de archivos. Esta vulnerabilidad se corrige en la versi\u00f3n 3000.11.2."}], "id": "CVE-2026-31817", "lastModified": "2026-03-11T13:52:47.683", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 4.7, "source": "[email protected]", "type": "Secondary"}]}, "published": "2026-03-10T22:16:19.167", "references": [{"source": "[email protected]", "url": "https://github.com/OliveTin/OliveTin/security/advisories/GHSA-364q-w7vh-vhpc"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "[email protected]", "type": "Primary"}]}

{}