Lucene search

K
nvd[email protected]NVD:CVE-2022-34126
HistoryApr 16, 2023 - 3:15 a.m.

CVE-2022-34126

2023-04-1603:15:07
CWE-22
web.nvd.nist.gov
1
cve-2022-34126
glpi
directory traversal
file reading

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.002 Low

EPSS

Percentile

52.4%

The Activity plugin before 3.1.1 for GLPI allows reading local files via directory traversal in the front/cra.send.php file parameter.

Affected configurations

NVD
Node
glpi-projectactivityRange<3.1.1glpi

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.002 Low

EPSS

Percentile

52.4%

Related for NVD:CVE-2022-34126