Lucene search

GoogleOSV:CVE-2022-42725

HistoryOct 10, 2022 - 5:15 a.m.

CVE-2022-42725

2022-10-1005:15:09

Google

osv.dev

warpinator

directory traversal

vulnerability

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

6.9

Confidence

High

EPSS

0.002

Percentile

56.4%

JSON

Warpinator through 1.2.14 allows access outside of an intended directory, as demonstrated by symbolic directory links.

References

www.openwall.com/lists/oss-security/2022/10/24/1

www.openwall.com/lists/oss-security/2023/04/26/1

github.com/linuxmint/warpinator/commit/5244c33d4c109ede9607b9d94461650410e2cddc

github.com/linuxmint/warpinator/commit/8bfd2f8b3f1b0c0f0a5a6d275702d107b9e08a94

github.com/linuxmint/warpinator/commit/95124fd4468683dd69ddd7b3da0e9906ce6beae2

github.com/linuxmint/warpinator/commit/f4907ef6a17a189d56ab0a9da4b53190b061ad75

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

6.9

Confidence

High

EPSS

0.002

Percentile

56.4%

JSON

Related for OSV:CVE-2022-42725