CVE-2022-0672

Опубликовано: 18 фев. 2022

Источник: nvd

CVSS3: 5.5

CVSS2: 2.1

EPSS Низкий

Описание

A flaw was found in LemMinX in versions prior to 0.19.0. Insecure redirect could allow unauthorized access to sensitive information locally if LemMinX is run under a privileged user.

Ссылки

https://github.com/eclipse/lemminx/blob/master/CHANGELOG.md#0190-february-14-2022
Release Notes
Third Party Advisory
https://github.com/eclipse/lemminx/blob/master/CHANGELOG.md#0190-february-14-2022
Release Notes
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:eclipse:lemminx:*:*:*:*:*:*:*:*

Версия до 0.19.0 (исключая)

EPSS

Процентиль: 25%

0.00085

Низкий

5.5 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-200

Связанные уязвимости

GHSA-hrxv-694f-22g3