Lucene search

[email protected]NVD:CVE-2022-26846

HistoryMar 10, 2022 - 5:48 p.m.

CVE-2022-26846

2022-03-1017:48:01

[email protected]

web.nvd.nist.gov

spip before 3.2.14

4.x before 4.0.5

remote authenticated editors

execute arbitrary code

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.003

Percentile

68.1%

JSON

SPIP before 3.2.14 and 4.x before 4.0.5 allows remote authenticated editors to execute arbitrary code.

Affected configurations

Nvd

Node

spipspipRange<3.2.14

spipspipRange4.0.0–4.0.5

Node

debiandebian_linuxMatch9.0

debiandebian_linuxMatch10.0

debiandebian_linuxMatch11.0

References

blog.spip.net/Mise-a-jour-critique-de-securite-sorties-de-SPIP-4-0-5-et-SPIP-3-2-14.html

git.spip.net/spip/medias/commit/3014b845da2dd8ad15ff04b50fd9dbba388a9ca2

lists.debian.org/debian-lts-announce/2022/03/msg00020.html

lists.debian.org/debian-security-announce/2022/msg00060.html

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.003

Percentile

68.1%

JSON

Related for NVD:CVE-2022-26846

cvelist1 cve1 ubuntucve1 prion1 debiancve1 osv5 veracode1 nessus2 openvas5 debian1 ubuntu2