CVE-2022-23612

🗓️ 22 Feb 2022 22:55:12Reported by GitHub_MType

OpenMRS patient-based medical record system vulnerable to arbitrary file exfiltratio

Reporter	Title	Published	Views	Family All 11
Circl	CVE-2022-23612	23 Feb 202202:12	–	circl
CNNVD	OpenMRS 路径遍历漏洞	22 Feb 202200:00	–	cnnvd
Cvelist	CVE-2022-23612 Directory Traversal in OpenMRS Startup Filter	22 Feb 202222:55	–	cvelist
EUVD	EUVD-2022-28581	3 Oct 202520:07	–	euvd
NVD	CVE-2022-23612	22 Feb 202223:15	–	nvd
OpenVAS	OpenMRS 1.6 - 2.5.x Directory Traversal Vulnerability (GHSA-8rgr-ww69-jv65)	28 Feb 202200:00	–	openvas
OSV	CVE-2022-23612 Directory Traversal in OpenMRS Startup Filter	22 Feb 202222:55	–	osv
Prion	Design/Logic Flaw	22 Feb 202223:15	–	prion
Positive Technologies	PT-2022-16127	22 Feb 202200:00	–	ptsecurity
RedhatCVE	CVE-2022-23612	5 Feb 202523:18	–	redhatcve

NVD

Vulners

Node

openmrs openmrsRange1.6–2.1.5

openmrs openmrsRange2.2.0–2.2.1

openmrs openmrsRange2.3.0–2.3.5

openmrs openmrsRange2.4.0–2.4.5

openmrs openmrsRange2.5.0–2.5.3

[
  {
    "product": "openmrs-core",
    "vendor": "openmrs",
    "versions": [
      {
        "status": "affected",
        "version": ">= 1.6, < 2.1.5"
      },
      {
        "status": "affected",
        "version": ">= 2.2.0, < 2.2.1"
      },
      {
        "status": "affected",
        "version": ">= 2.3.0, < 2.3.5"
      },
      {
        "status": "affected",
        "version": ">= 2.4.0, < 2.4.5"
      },
      {
        "status": "affected",
        "version": ">= 2.5.0, < 2.5.3"
      }
    ]
  }
]

Source	Link
github	www.github.com/openmrs/openmrs-core/commit/db8454bf19a092a78d53ee4dba2af628b730a6e7
github	www.github.com/openmrs/openmrs-core/blob/ee3373a7a775bfdfa263e2e912c72e64342fb4f0/web/src/main/java/org/openmrs/web/filter/StartupFilter.java
github	www.github.com/openmrs/openmrs-core/security/advisories/GHSA-8rgr-ww69-jv65
lgtm	www.lgtm.com/projects/g/openmrs/openmrs-core/snapshot/fb1335c925ca4c94be5a546707b90d2c1efa4dcc/files/web/src/main/java/org/openmrs/web/filter/StartupFilter.java

21 Nov 2024 06:48Current

7.6High risk

Vulners AI Score7.6

CVSS 25

CVSS 3.17.5

EPSS0.00402

SSVC

CWE-22