Lucene search

GitHub Advisory DatabaseGHSA-5824-6JFV-XR3R

HistoryMay 26, 2022 - 12:01 a.m.

Arbitrary file read in ginadmin

2022-05-2600:01:22

CWE-22

CWE-552

GitHub Advisory Database

github.com

ginadmin

arbitrary file read

unfiltered path value

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.002

Percentile

58.7%

JSON

In ginadmin through 05-10-2022, the incoming path value is not filtered, resulting in arbitrary file reading. A patch is available on the master branch of the repository.

Affected configurations

Vulners

Node

gphperginadminRange≤0.1.1

VendorProductVersionCPE
gphperginadmin*cpe:2.3:a:gphper:ginadmin:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
gphper	ginadmin	*	cpe:2.3:a:gphper:ginadmin::::::::

References

github.com/advisories/GHSA-5824-6jfv-xr3r

github.com/gphper/ginadmin/commit/726109f01ad23523715f36f7d272958064666a30

github.com/gphper/ginadmin/issues/9

nvd.nist.gov/vuln/detail/CVE-2022-30428

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.002

Percentile

58.7%

JSON

Related for GHSA-5824-6JFV-XR3R