Lucene search

[email protected]NVD:CVE-2022-23082

HistoryMay 31, 2022 - 3:15 p.m.

CVE-2022-23082

2022-05-3115:15:07

CWE-22

[email protected]

web.nvd.nist.gov

curekit

path traversal

vulnerability

user input

sanitize

cve-2022-23082

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.002

Percentile

61.3%

JSON

In CureKit versions v1.0.1 through v1.1.3 are vulnerable to path traversal as the function isFileOutsideDir fails to sanitize the user input which may lead to path traversal.

Affected configurations

Nvd

Node

mendcurekitRange1.0.1–1.1.3

VendorProductVersionCPE
mendcurekit*cpe:2.3:a:mend:curekit:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mend	curekit	*	cpe:2.3:a:mend:curekit::::::::

References

github.com/whitesource/CureKit/commit/af35e870ed09411d2f1fae6db1b04598cd1a31b6

www.mend.io/vulnerability-database/CVE-2022-23082

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.002

Percentile

61.3%

JSON

Related for NVD:CVE-2022-23082

cvelist1 prion1 osv2 cve1 veracode1 github1