A vulnerability was determined in AstrBotDevs AstrBot 4.23.6
AstrBot 4.23.6 has a vulnerability in the _normalize_rw_path function that can be exploited remotely to bypass authorization. The issue can be used to gain unauthorized access to the system. It is caused by incorrect handling of file paths, which allows an attacker to manipulate the function and gain access to sensitive areas.
A vulnerability was determined in AstrBotDevs AstrBot 4.23.6. Affected by this issue is the function _normalize_rw_path of the file astrbot/core/tools/computer_tools/fs.py. This manipulation causes incorrect authorization. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
Developers and users of AstrBot 4.23.6 are at risk of remote unauthorized access, which is a medium severity threat that can lead to data breaches and system compromise.
Monitor & Review
Low severity — keep this CVE on your radar and patch during routine maintenance.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Affected Products: 0
References: 5