CVE-2022-43451

EPSS 0.04%
Veröffentlicht 03.11.2022 20:15:33
Zuletzt bearbeitet 21.11.2024 07:26:30
Quelle scy@openharmony.io
CVE-Watchlists
Login
Unerledigt
Login

OpenHarmony-v3.1.2 and prior versions had an Multiple path traversal vulnerability in appspawn and nwebspawn services. Local attackers can create arbitrary directories or escape application sandbox.If chained with other vulnerabilities it would allow an unprivileged process to gain full root privileges.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Openharmony ≫ Openharmony Version >= 3.1 <= 3.1.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.116

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2	4	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
scy@openharmony.io	8.4	2.5	5.9	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2022/2022-11.md

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-43451

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-43451

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-43451

EUVD