Lucene search
SnykCVELIST:CVE-2022-25937HistoryFeb 13, 2023 - 5:00 a.m.
CVE-2022-25937
2023-02-1305:00:01
snyk
www.cve.org
1
glance package
directory traversal
public root directory
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P
0.001 Low
EPSS
Percentile
31.9%
Versions of the package glance before 3.0.9 are vulnerable to Directory Traversal that allows users to read files outside the public root directory. This is related to but distinct from the vulnerability reported in CVE-2018-3715.
CNA Affected
[
{
"product": "glance",
"versions": [
{
"version": "0",
"lessThan": "3.0.9",
"status": "affected",
"versionType": "semver"
}
],
"vendor": "n/a"
}
]Related
cve
cve
CVE-2022-25937
2023-02-13 05:15:12
CVE-2018-3715
2018-06-07 02:29:08
prion
prion
Directory traversal
2023-02-13 05:15:00
Path traversal
2018-06-07 02:29:00
osv
osv
Path traversal vulnerability in glance
2023-02-13 06:30:59
CVE-2022-25937
2023-02-13 05:15:12
CVE-2018-3715
2018-06-07 02:29:08
nvd
nvd
CVE-2022-25937
2023-02-13 05:15:12
CVE-2018-3715
2018-06-07 02:29:08
github
github
Path traversal vulnerability in glance
2023-02-13 06:30:59
Path Traversal in glance
2018-07-26 14:53:14
veracode
veracode
Path Traversal
2023-02-15 02:32:36
Path Traversal
2018-03-05 01:16:34
hackerone
hackerone
nodejs
nodejs
Path Traversal
2018-04-24 15:46:07
cvelist
cvelist
CVE-2018-3715
2018-04-26 00:00:00
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P
0.001 Low
EPSS
Percentile
31.9%
Related for CVELIST:CVE-2022-25937