exploitDog

CVE-2022-45921

Опубликовано: 28 нояб. 2022

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

FusionAuth before 1.41.3 allows a file outside of the application root to be viewed or retrieved using an HTTP request. To be specific, an attacker may be able to view or retrieve any file readable by the user running the FusionAuth process.

Ссылки

https://fusionauth.io/docs/v1/tech/release-notes
Release Notes
Vendor Advisory
https://github.com/FusionAuth/fusionauth-issues/issues/1983
Issue Tracking
Third Party Advisory
https://fusionauth.io/docs/v1/tech/release-notes
Release Notes
Vendor Advisory
https://github.com/FusionAuth/fusionauth-issues/issues/1983
Issue Tracking
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:fusionauth:fusionauth:*:*:*:*:*:*:*:*

Версия от 1.37.0 (включая) до 1.41.3 (исключая)

EPSS

Процентиль: 68%

0.00582

Низкий

7.5 High

CVSS3

Дефекты

CWE-22

CWE-22

Связанные уязвимости

GHSA-rmcx-fg5w-x8j9

CVSS3: 7.5

github

около 3 лет назад

FusionAuth vulnerable to directory traversal attack

EPSS

Процентиль: 68%

0.00582

Низкий

7.5 High

CVSS3

Дефекты

CWE-22

CWE-22