Lucene search

@huntrdevCVELIST:CVE-2022-4665

HistoryDec 23, 2022 - 12:00 a.m.

CVE-2022-4665 Unrestricted Upload of File with Dangerous Type in ampache/ampache

2022-12-2300:00:00

CWE-434

@huntrdev

www.cve.org

unrestricted upload

file type

github

vulnerability

3.1 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

0.001 Low

EPSS

Percentile

34.7%

JSON

Unrestricted Upload of File with Dangerous Type in GitHub repository ampache/ampache prior to 5.5.6.

CNA Affected

[
  {
    "vendor": "ampache",
    "product": "ampache/ampache",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "5.5.6",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]

References

github.com/ampache/ampache/commit/8293fa86e5f50a168b7f5c892ffbd6aa555134bd

huntr.dev/bounties/5e7f3ecc-3b08-4e0e-8bf8-ae7ae229941f

3.1 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

0.001 Low

EPSS

Percentile

34.7%

JSON

Related for CVELIST:CVE-2022-4665