Lucene search

K
nvd[email protected]NVD:CVE-2022-45921
HistoryNov 28, 2022 - 9:15 p.m.

CVE-2022-45921

2022-11-2821:15:10
CWE-22
web.nvd.nist.gov
4
fusionauth
file retrieval
vulnerability

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.002

Percentile

53.0%

FusionAuth before 1.41.3 allows a file outside of the application root to be viewed or retrieved using an HTTP request. To be specific, an attacker may be able to view or retrieve any file readable by the user running the FusionAuth process.

Affected configurations

Nvd
Node
fusionauthfusionauthRange1.37.01.41.3
VendorProductVersionCPE
fusionauthfusionauth*cpe:2.3:a:fusionauth:fusionauth:*:*:*:*:*:*:*:*

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.002

Percentile

53.0%

Related for NVD:CVE-2022-45921