Lucene search

K
cve[email protected]CVE-2022-41958
HistoryNov 25, 2022 - 6:15 p.m.

CVE-2022-41958

2022-11-2518:15:11
CWE-502
web.nvd.nist.gov
24
6
super-xray
web vulnerability
scanning tool
local access
compromise
cve-2022-41958
security issue

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

5.2%

super-xray is a web vulnerability scanning tool. Versions prior to 0.7 assumed trusted input for the program config which is stored in a yaml file. An attacker with local access to the file could exploit this and compromise the program. This issue has been addressed in commit 4d0d5966 and will be included in future releases. Users are advised to upgrade. There are no known workarounds for this issue.

Affected configurations

Vulners
NVD
Node
4ra1nsuper_xrayRange<0.7

CNA Affected

[
  {
    "vendor": "4ra1n",
    "product": "super-xray",
    "versions": [
      {
        "version": "< 0.7",
        "status": "affected"
      }
    ]
  }
]

Social References

More

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

5.2%

Related for CVE-2022-41958