Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2022-43449

Опубликовано: 03 нояб. 2022
Источник: nvd
CVSS3: 6.2
CVSS3: 5.5
EPSS Низкий

Описание

OpenHarmony-v3.1.2 and prior versions had an Arbitrary file read vulnerability via download_server. Local attackers can install an malicious application on the device and reveal any file from the filesystem that is accessible to download_server service which run with UID 1000.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:openharmony:openharmony:*:*:*:*:*:*:*:*
Версия от 3.1 (включая) до 3.1.2 (включая)

EPSS

Процентиль: 11%
0.00037
Низкий

6.2 Medium

CVSS3

5.5 Medium

CVSS3

Дефекты

CWE-20
CWE-552

Связанные уязвимости

github логотип

GHSA-7c72-6v53-xq93

CVSS3: 5.5
github
больше 3 лет назад

OpenHarmony-v3.1.2 and prior versions had an Arbitrary file read vulnerability via download_server. Local attackers can install an malicious application on the device and reveal any file from the filesystem that is accessible to download_server service which run with UID 1000.

EPSS

Процентиль: 11%
0.00037
Низкий

6.2 Medium

CVSS3

5.5 Medium

CVSS3

Дефекты

CWE-20
CWE-552