7.5

CVE-2022-42725

Exploit
Warpinator through 1.2.14 allows access outside of an intended directory, as demonstrated by symbolic directory links.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxmintWarpinator Version <= 1.2.14
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.24% 0.652
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE-59 Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

http://www.openwall.com/lists/oss-security/2022/10/24/1
Third Party Advisory
Exploit
Mailing List
http://www.openwall.com/lists/oss-security/2023/04/26/1
https://github.com/linuxmint/warpinator/commit/5244c33d4c109ede9607b9d94461650410e2cddc
Patch
Third Party Advisory
https://github.com/linuxmint/warpinator/commit/8bfd2f8b3f1b0c0f0a5a6d275702d107b9e08a94
Patch
Third Party Advisory
https://github.com/linuxmint/warpinator/commit/95124fd4468683dd69ddd7b3da0e9906ce6beae2
Patch
Third Party Advisory
https://github.com/linuxmint/warpinator/commit/f4907ef6a17a189d56ab0a9da4b53190b061ad75
Patch
Third Party Advisory