Lucene search
HistorySep 09, 2022 - 8:15 p.m.
CVE-2022-38638
cve-2022-38638
casdoor
arbitrary file write
vulnerability
fullfilepath parameter
nvd
9.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
0.001 Low
EPSS
Percentile
26.4%
Casdoor v1.97.3 was discovered to contain an arbitrary file write vulnerability via the fullFilePath parameter at /api/upload-resource.
Affected configurations
Node
casbincasdoorMatch1.97.3
| CPE | Name | Operator | Version |
|---|---|---|---|
| casbin:casdoor | casbin casdoor | eq | 1.97.3 |
References
Social References
More
Related
veracode
veracode
Path Traversal
2022-09-13 07:19:56
osv
osv
CVE-2022-38638
2022-09-09 20:15:11
Casdoor arbitrary file write vulnerability
2022-09-10 00:00:23
prion
prion
Arbitrary file deletion
2022-09-09 20:15:00
github
github
Casdoor arbitrary file write vulnerability
2022-09-10 00:00:23
nvd
nvd
CVE-2022-38638
2022-09-09 20:15:11
cvelist
cvelist
CVE-2022-38638
2022-09-09 19:40:29
9.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
0.001 Low
EPSS
Percentile
26.4%
Related for CVE-2022-38638