CVE-2022-32320

EPSS 0.28%
Veröffentlicht 17.07.2022 17:15:08
Zuletzt bearbeitet 21.11.2024 07:06:09
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

A Cross-Site Request Forgery (CSRF) in Ferdi through 5.8.1 and Ferdium through 6.0.0-nightly.98 allows attackers to read files via an uploaded file such as a settings/preferences file.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Ferdium ≫ Ferdium Version6.0.0 Update-

Ferdium ≫ Ferdium Version6.0.0 Updatebeta1

Ferdium ≫ Ferdium Version6.0.0 Updatebeta2

Ferdium ≫ Ferdium Version6.0.0 Updatebeta3

Ferdium ≫ Ferdium Version6.0.0 Updatenightly1

Ferdium ≫ Ferdium Version6.0.0 Updatenightly10

Ferdium ≫ Ferdium Version6.0.0 Updatenightly11

Ferdium ≫ Ferdium Version6.0.0 Updatenightly12

Ferdium ≫ Ferdium Version6.0.0 Updatenightly13

Ferdium ≫ Ferdium Version6.0.0 Updatenightly14

Ferdium ≫ Ferdium Version6.0.0 Updatenightly15

Ferdium ≫ Ferdium Version6.0.0 Updatenightly16

Ferdium ≫ Ferdium Version6.0.0 Updatenightly17

Ferdium ≫ Ferdium Version6.0.0 Updatenightly18

Ferdium ≫ Ferdium Version6.0.0 Updatenightly19

Ferdium ≫ Ferdium Version6.0.0 Updatenightly2

Ferdium ≫ Ferdium Version6.0.0 Updatenightly20

Ferdium ≫ Ferdium Version6.0.0 Updatenightly21

Ferdium ≫ Ferdium Version6.0.0 Updatenightly22

Ferdium ≫ Ferdium Version6.0.0 Updatenightly23

Ferdium ≫ Ferdium Version6.0.0 Updatenightly24

Ferdium ≫ Ferdium Version6.0.0 Updatenightly25

Ferdium ≫ Ferdium Version6.0.0 Updatenightly26

Ferdium ≫ Ferdium Version6.0.0 Updatenightly27

Ferdium ≫ Ferdium Version6.0.0 Updatenightly28

Ferdium ≫ Ferdium Version6.0.0 Updatenightly29

Ferdium ≫ Ferdium Version6.0.0 Updatenightly3

Ferdium ≫ Ferdium Version6.0.0 Updatenightly30

Ferdium ≫ Ferdium Version6.0.0 Updatenightly31

Ferdium ≫ Ferdium Version6.0.0 Updatenightly32

Ferdium ≫ Ferdium Version6.0.0 Updatenightly33

Ferdium ≫ Ferdium Version6.0.0 Updatenightly34

Ferdium ≫ Ferdium Version6.0.0 Updatenightly35

Ferdium ≫ Ferdium Version6.0.0 Updatenightly36

Ferdium ≫ Ferdium Version6.0.0 Updatenightly37

Ferdium ≫ Ferdium Version6.0.0 Updatenightly38

Ferdium ≫ Ferdium Version6.0.0 Updatenightly39

Ferdium ≫ Ferdium Version6.0.0 Updatenightly4

Ferdium ≫ Ferdium Version6.0.0 Updatenightly40

Ferdium ≫ Ferdium Version6.0.0 Updatenightly41

Ferdium ≫ Ferdium Version6.0.0 Updatenightly42

Ferdium ≫ Ferdium Version6.0.0 Updatenightly43

Ferdium ≫ Ferdium Version6.0.0 Updatenightly44

Ferdium ≫ Ferdium Version6.0.0 Updatenightly45

Ferdium ≫ Ferdium Version6.0.0 Updatenightly46

Ferdium ≫ Ferdium Version6.0.0 Updatenightly47

Ferdium ≫ Ferdium Version6.0.0 Updatenightly48

Ferdium ≫ Ferdium Version6.0.0 Updatenightly49

Ferdium ≫ Ferdium Version6.0.0 Updatenightly5

Ferdium ≫ Ferdium Version6.0.0 Updatenightly50

Ferdium ≫ Ferdium Version6.0.0 Updatenightly51

Ferdium ≫ Ferdium Version6.0.0 Updatenightly52

Ferdium ≫ Ferdium Version6.0.0 Updatenightly53

Ferdium ≫ Ferdium Version6.0.0 Updatenightly54

Ferdium ≫ Ferdium Version6.0.0 Updatenightly55

Ferdium ≫ Ferdium Version6.0.0 Updatenightly56

Ferdium ≫ Ferdium Version6.0.0 Updatenightly57

Ferdium ≫ Ferdium Version6.0.0 Updatenightly58

Ferdium ≫ Ferdium Version6.0.0 Updatenightly59

Ferdium ≫ Ferdium Version6.0.0 Updatenightly6

Ferdium ≫ Ferdium Version6.0.0 Updatenightly60

Ferdium ≫ Ferdium Version6.0.0 Updatenightly61

Ferdium ≫ Ferdium Version6.0.0 Updatenightly62

Ferdium ≫ Ferdium Version6.0.0 Updatenightly63

Ferdium ≫ Ferdium Version6.0.0 Updatenightly65

Ferdium ≫ Ferdium Version6.0.0 Updatenightly66

Ferdium ≫ Ferdium Version6.0.0 Updatenightly67

Ferdium ≫ Ferdium Version6.0.0 Updatenightly69

Ferdium ≫ Ferdium Version6.0.0 Updatenightly7

Ferdium ≫ Ferdium Version6.0.0 Updatenightly70

Ferdium ≫ Ferdium Version6.0.0 Updatenightly71

Ferdium ≫ Ferdium Version6.0.0 Updatenightly72

Ferdium ≫ Ferdium Version6.0.0 Updatenightly73

Ferdium ≫ Ferdium Version6.0.0 Updatenightly74

Ferdium ≫ Ferdium Version6.0.0 Updatenightly76

Ferdium ≫ Ferdium Version6.0.0 Updatenightly77

Ferdium ≫ Ferdium Version6.0.0 Updatenightly78

Ferdium ≫ Ferdium Version6.0.0 Updatenightly79

Ferdium ≫ Ferdium Version6.0.0 Updatenightly8

Ferdium ≫ Ferdium Version6.0.0 Updatenightly80

Ferdium ≫ Ferdium Version6.0.0 Updatenightly81

Ferdium ≫ Ferdium Version6.0.0 Updatenightly82

Ferdium ≫ Ferdium Version6.0.0 Updatenightly83

Ferdium ≫ Ferdium Version6.0.0 Updatenightly84

Ferdium ≫ Ferdium Version6.0.0 Updatenightly85

Ferdium ≫ Ferdium Version6.0.0 Updatenightly86

Ferdium ≫ Ferdium Version6.0.0 Updatenightly87

Ferdium ≫ Ferdium Version6.0.0 Updatenightly88

Ferdium ≫ Ferdium Version6.0.0 Updatenightly89

Ferdium ≫ Ferdium Version6.0.0 Updatenightly9

Ferdium ≫ Ferdium Version6.0.0 Updatenightly90

Ferdium ≫ Ferdium Version6.0.0 Updatenightly91

Ferdium ≫ Ferdium Version6.0.0 Updatenightly92

Ferdium ≫ Ferdium Version6.0.0 Updatenightly93

Ferdium ≫ Ferdium Version6.0.0 Updatenightly94

Ferdium ≫ Ferdium Version6.0.0 Updatenightly95

Ferdium ≫ Ferdium Version6.0.0 Updatenightly96

Ferdium ≫ Ferdium Version6.0.0 Updatenightly97

Ferdium ≫ Ferdium Version6.0.0 Updatenightly98

Getferdi ≫ Ferdi Version <= 5.8.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.28%	0.505

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

https://getferdi.com/

Product

https://gist.github.com/omriinbar-cyesec/c1179fe99725d2b828b6573c0d110c9c

Third Party Advisory

https://github.com/getferdi/ferdi

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-32320

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-32320

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-32320

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2022-32320