6.5
CVE-2022-37424
- EPSS 0.71%
- Veröffentlicht 28.10.2022 16:15:15
- Zuletzt bearbeitet 21.11.2024 07:14:58
- Quelle secure@blackberry.com
- CVE-Watchlists
- Unerledigt
LoginThe FILES Directive allows arbitrary files from the frontend system (including sensitive files) to be included when a VM is started from that template, which may result in Information Disclosure.
Files or Directories Accessible to External Parties vulnerability in OpenNebula on Linux allows File Discovery.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Opennebula ≫ Opennebula SwEditionenterprise Version < 6.4.2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.71% | 0.485 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
| secure@blackberry.com | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
CWE-552 Files or Directories Accessible to External Parties
The product makes files or directories accessible to unauthorized actors, even though they should not be.
https://opennebula.io/opennebula-6-4-2-ee-lts-maintenance-release-is-available/