CVE-2022-47878

Опубликовано: 02 мая 2023

Источник: nvd

CVSS3: 8.8

CVSS3: 9.1

EPSS Средний

Описание

Incorrect input validation for the default-storage-path in the settings page in Jedox 2020.2.5 allows remote, authenticated users to specify the location as Webroot directory. Consecutive file uploads can lead to the execution of arbitrary code. NOTE: The vendor states that the vulnerability affects installations running version 22.2 or earlier. The issue was resolved with the version 22.3 and later versions are not affected. Additionally, the vendor states that this vulnerability affects on-premises deployments only and that it does not impact cloud-hosted or SaaS environments.

Ссылки

http://packetstormsecurity.com/files/172154/Jedox-2020.2.5-Configurable-Storage-Path-Remote-Code-Execution.html
Exploit
Third Party Advisory
VDB Entry
https://docs.syslifters.com/assets/vulnerability-disclosure/Vulnerability-Disclosure-Jedox-Jedox-04-2023.pdf
Exploit
Third Party Advisory
https://jedox.mantishub.io/app/issues/57238
http://packetstormsecurity.com/files/172154/Jedox-2020.2.5-Configurable-Storage-Path-Remote-Code-Execution.html
Exploit
Third Party Advisory
VDB Entry
https://docs.syslifters.com/assets/vulnerability-disclosure/Vulnerability-Disclosure-Jedox-Jedox-04-2023.pdf
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:jedox:jedox:2020.2.5:*:*:*:*:*:*:*

EPSS

Процентиль: 95%

0.20563

Средний

8.8 High

CVSS3

9.1 Critical

CVSS3

Дефекты

CWE-434

Связанные уязвимости

GHSA-p59m-22jh-5r57

CVSS3: 8.8

github

почти 3 года назад

EPSS

Процентиль: 95%

0.20563

Средний

8.8 High

CVSS3

9.1 Critical

CVSS3

Дефекты

CWE-434