Lucene search
HistorySep 14, 2022 - 9:15 p.m.
CVE-2022-38301
onedev
path traversal
unauthorized access
jar file
directory
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
47.3%
Onedev v7.4.14 contains a path traversal vulnerability which allows attackers to access restricted files and directories via uploading a crafted JAR file into the directory /opt/onedev/lib.
Affected configurations
Node
onedev_projectonedevMatch7.4.14
| Vendor | Product | Version | CPE |
|---|---|---|---|
| onedev_project | onedev | 7.4.14 | cpe:2.3:a:onedev_project:onedev:7.4.14:*:*:*:*:*:*:* |
Related
prion
prion
Path traversal
2022-09-14 21:15:00
cve
cve
CVE-2022-38301
2022-09-14 21:15:10
osv
osv
CVE-2022-38301
2022-09-14 21:15:10
cvelist
cvelist
CVE-2022-38301
2022-09-14 20:13:38
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
47.3%
Related for NVD:CVE-2022-38301