Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
| Source | ID | Title |
|---|---|---|
Github GHSA |
GHSA-q93c-p2mw-p23f | Dagster vulnerable to Path Traversal attack through its /logs endpoint |
| Link | Providers |
|---|---|
| https://github.com/dagster-io/dagster/pull/18462 |
|
Wed, 16 Jul 2025 13:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
epss
|
epss
|
Sun, 13 Jul 2025 13:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
epss
|
epss
|
Tue, 08 Jul 2025 18:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-22 | |
| Metrics |
cvssV3_1
|
Mon, 07 Jul 2025 15:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Directory Traversal vulnerability in dagster-webserver Dagster thru 1.0.3 allows remote attackers to obtain sensitive information via crafted request to the /logs endpoint. This may be restricted to certain file names that start with a dot ('.'). | Directory Traversal vulnerability in dagster-webserver Dagster thru 1.5.11 allows remote attackers to obtain sensitive information via crafted request to the /logs endpoint. This may be restricted to certain file names that start with a dot ('.'). |
Mon, 07 Jul 2025 14:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Directory Traversal vulnerability in dagster-webserver Dagster thru 1.0.3 allows remote attackers to obtain sensitive information via crafted request to the /logs endpoint. This may be restricted to certain file names that start with a dot ('.'). | |
| References |
|
Subscriptions
No data.
Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2025-07-08T17:37:51.884Z
Reserved: 2023-12-18T00:00:00.000Z
Link: CVE-2023-51232
Updated: 2025-07-07T19:44:42.518Z
Status : Deferred
Published: 2025-07-07T14:15:23.140
Modified: 2026-06-17T06:40:36.820
Link: CVE-2023-51232
No data.
OpenCVE Enrichment
No data.
Github GHSA