Lucene search

GitHub_MCVELIST:CVE-2022-31062

HistoryJun 20, 2022 - 12:00 a.m.

CVE-2022-31062 Unauthenticated Local File Inclusion

2022-06-2000:00:00

CWE-22

GitHub_M

www.cve.org

cve-2022-31062

unauthenticated

local file inclusion

plugin

system files

upgrade

version 1.0.2

workarounds

deploy feature

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS

0.005

Percentile

76.4%

JSON

Impact A plugin public script can be used to read content of system files. ### Patches Upgrade to version 1.0.2. ### Workarounds `b/deploy/index.php` file can be deleted if deploy feature is not used.

CNA Affected

[
  {
    "vendor": "glpi-project",
    "product": "glpi-inventory-plugin",
    "versions": [
      {
        "version": "< 1.0.2",
        "status": "affected"
      }
    ]
  }
]

References

packetstormsecurity.com/files/171654/GLPI-Glpiinventory-1.0.1-Local-File-Inclusion.html

github.com/glpi-project/glpi-inventory-plugin/security/advisories/GHSA-q33f-jcjf-p4v9

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS

0.005

Percentile

76.4%

JSON

Related for CVELIST:CVE-2022-31062

CVE-2022-31062 Unauthenticated Local File Inclusion

Impact A plugin public script can be used to read content of system files. ### Patches Upgrade to version 1.0.2. ### Workarounds b/deploy/index.php file can be deleted if deploy feature is not used.

CNA Affected

References

Related

Impact A plugin public script can be used to read content of system files. ### Patches Upgrade to version 1.0.2. ### Workarounds `b/deploy/index.php` file can be deleted if deploy feature is not used.