7.5
CVE-2022-42725
- EPSS 1.24%
- Veröffentlicht 10.10.2022 05:15:09
- Zuletzt bearbeitet 21.11.2024 07:25:14
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Warpinator through 1.2.14 allows access outside of an intended directory, as demonstrated by symbolic directory links.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linuxmint ≫ Warpinator Version <= 1.2.14
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.24% | 0.652 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
CWE-59 Improper Link Resolution Before File Access ('Link Following')
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
http://www.openwall.com/lists/oss-security/2022/10/24/1
http://www.openwall.com/lists/oss-security/2023/04/26/1
https://github.com/linuxmint/warpinator/commit/5244c33d4c109ede9607b9d94461650410e2cddc
https://github.com/linuxmint/warpinator/commit/8bfd2f8b3f1b0c0f0a5a6d275702d107b9e08a94
https://github.com/linuxmint/warpinator/commit/95124fd4468683dd69ddd7b3da0e9906ce6beae2
https://github.com/linuxmint/warpinator/commit/f4907ef6a17a189d56ab0a9da4b53190b061ad75