Lucene search

Palo_altoCVELIST:CVE-2022-0074

HistoryOct 27, 2022 - 7:32 p.m.

CVE-2022-0074 Privilege Escalation in OpenLiteSpeed Web Server

2022-10-2719:32:19

CWE-426

palo_alto

www.cve.org

openlitespeed

web server

privilege escalation

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.9

Confidence

High

EPSS

0.001

Percentile

42.9%

JSON

Untrusted Search Path vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server Container allows Privilege Escalation. This affects versions from 1.6.15 before 1.7.16.1.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "OpenLiteSpeed Web Server",
    "repo": "https://github.com/litespeedtech/openlitespeed",
    "vendor": "LiteSpeed Technologies",
    "versions": [
      {
        "lessThan": "1.7.16.1",
        "status": "affected",
        "version": "1.6.15",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "LiteSpeed Web Server",
    "vendor": "LiteSpeed Technologies",
    "versions": [
      {
        "lessThan": "1.7.16.1",
        "status": "affected",
        "version": "1.6.15",
        "versionType": "custom"
      }
    ]
  }
]

References

github.com/litespeedtech/ols-dockerfiles/blob/master/template/Dockerfile#L29

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.9

Confidence

High

EPSS

0.001

Percentile

42.9%

JSON

Related for CVELIST:CVE-2022-0074