Lucene search
SnykCVELIST:CVE-2022-25937HistoryFeb 13, 2023 - 5:00 a.m.
CVE-2022-25937
2023-02-1305:00:01
snyk
www.cve.org
2
glance package
directory traversal
public root directory
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P
EPSS
0.001
Percentile
38.0%
Versions of the package glance before 3.0.9 are vulnerable to Directory Traversal that allows users to read files outside the public root directory. This is related to but distinct from the vulnerability reported in CVE-2018-3715.
CNA Affected
[
{
"product": "glance",
"versions": [
{
"version": "0",
"lessThan": "3.0.9",
"status": "affected",
"versionType": "semver"
}
],
"vendor": "n/a"
}
]Related
osv
osv
CVE-2022-25937
2023-02-13 05:15:12
Path traversal vulnerability in glance
2023-02-13 06:30:59
CVE-2018-3715
2018-06-07 02:29:08
nvd
nvd
CVE-2022-25937
2023-02-13 05:15:12
CVE-2018-3715
2018-06-07 02:29:08
prion
prion
Directory traversal
2023-02-13 05:15:00
Path traversal
2018-06-07 02:29:00
cve
cve
CVE-2022-25937
2023-02-13 05:15:12
CVE-2018-3715
2018-06-07 02:29:08
github
github
Path traversal vulnerability in glance
2023-02-13 06:30:59
Path Traversal in glance
2018-07-26 14:53:14
veracode
veracode
Path Traversal
2023-02-15 02:32:36
Path Traversal
2018-03-05 01:16:34
nodejs
nodejs
Path Traversal
2018-04-24 15:46:07
hackerone
hackerone
cvelist
cvelist
CVE-2018-3715
2018-06-07 02:00:00
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P
EPSS
0.001
Percentile
38.0%
Related for CVELIST:CVE-2022-25937