exploitDog

CVE-2022-36081

Опубликовано: 07 сент. 2022

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

Wikmd is a file based wiki that uses markdown. Prior to version 1.7.1, Wikmd is vulnerable to path traversal when accessing /list/<path:folderpath> and discloses lists of files located on the server including sensitive data. Version 1.7.1 fixes this issue.

Ссылки

https://github.com/Linbreux/wikmd/commit/8d1f94ec86b5b6c3df8ef10051facfb511a78450
Patch
Third Party Advisory
https://github.com/Linbreux/wikmd/security/advisories/GHSA-w4cf-92x9-v8w2
Third Party Advisory
https://github.com/Linbreux/wikmd/commit/8d1f94ec86b5b6c3df8ef10051facfb511a78450
Patch
Third Party Advisory
https://github.com/Linbreux/wikmd/security/advisories/GHSA-w4cf-92x9-v8w2
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:wikmd_project:wikmd:*:*:*:*:*:*:*:*

Версия до 1.7.1 (исключая)

EPSS

Процентиль: 61%

0.00414

Низкий

7.5 High

CVSS3

Дефекты

CWE-22

CWE-22

EPSS

Процентиль: 61%

0.00414

Низкий

7.5 High

CVSS3

Дефекты

CWE-22

CWE-22