Lucene search

MitreCVE-2022-45193

HistoryNov 12, 2022 - 12:15 a.m.

CVE-2022-45193

2022-11-1200:15:10

CWE-732

mitre

web.nvd.nist.gov

cve

2022

45193

weak file permissions

cbrn-analysis

disclosure

privilege escalation

nvd

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.5

Confidence

High

EPSS

0.001

Percentile

34.0%

JSON

CBRN-Analysis before 22 has weak file permissions under Public Profile, leading to disclosure of file contents or privilege escalation.

Affected configurations

Nvd

Node

bruhn-newtechcbrn-analysisRange<22

VendorProductVersionCPE
bruhn-newtechcbrn-analysis*cpe:2.3:a:bruhn-newtech:cbrn-analysis:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
bruhn-newtech	cbrn-analysis	*	cpe:2.3:a:bruhn-newtech:cbrn-analysis::::::::

References

zigrin.com/advisories/cbrn-analysis-unprotected-storage-of-application-files/

Social References

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.5

Confidence

High

EPSS

0.001

Percentile

34.0%

JSON

Related for CVE-2022-45193