Lucene search

GoogleOSV:CVE-2022-42725

HistoryOct 10, 2022 - 5:15 a.m.

CVE-2022-42725

2022-10-1005:15:09

Google

osv.dev

warpinator

directory traversal

vulnerability

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

6.9 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

56.5%

JSON

Warpinator through 1.2.14 allows access outside of an intended directory, as demonstrated by symbolic directory links.

CPENameOperatorVersion
warpinatoreq1.0.6
warpinatoreq1.1.0
warpinatoreq1.2.10
warpinatoreq1.2.6
warpinatoreq1.0.3
warpinatoreq1.1.2
warpinatoreq1.2.0
warpinatoreq1.2.14
warpinatoreq1.2.13
warpinatoreq1.2.9

Name	Operator	Version
warpinator	eq	1.0.6
warpinator	eq	1.1.0
warpinator	eq	1.2.10
warpinator	eq	1.2.6
warpinator	eq	1.0.3
warpinator	eq	1.1.2
warpinator	eq	1.2.0
warpinator	eq	1.2.14
warpinator	eq	1.2.13
warpinator	eq	1.2.9

Rows per page:

1-10 of 251

References

www.openwall.com/lists/oss-security/2022/10/24/1

www.openwall.com/lists/oss-security/2023/04/26/1

github.com/linuxmint/warpinator/commit/5244c33d4c109ede9607b9d94461650410e2cddc

github.com/linuxmint/warpinator/commit/8bfd2f8b3f1b0c0f0a5a6d275702d107b9e08a94

github.com/linuxmint/warpinator/commit/95124fd4468683dd69ddd7b3da0e9906ce6beae2

github.com/linuxmint/warpinator/commit/f4907ef6a17a189d56ab0a9da4b53190b061ad75

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

6.9 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

56.5%

JSON

Related for OSV:CVE-2022-42725