Lucene search

Ubuntu.comUB:CVE-2022-37426

HistoryOct 28, 2022 - 12:00 a.m.

CVE-2022-37426

2022-10-2800:00:00

ubuntu.com

opennebula

file upload

vulnerability

linux

content injection

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

0.001 Low

EPSS

Percentile

31.8%

JSON

Unrestricted Upload of File with Dangerous Type vulnerability in OpenNebula
OpenNebula core on Linux allows File Content Injection.

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchopennebula< anyUNKNOWN
ubuntu16.04noarchopennebula< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	opennebula	< any	UNKNOWN
ubuntu	16.04	noarch	opennebula	< any	UNKNOWN

References

launchpad.net/bugs/cve/CVE-2022-37426

nvd.nist.gov/vuln/detail/CVE-2022-37426

opennebula.io/opennebula-6-4-2-ee-lts-maintenance-release-is-available/

security-tracker.debian.org/tracker/CVE-2022-37426

www.cve.org/CVERecord?id=CVE-2022-37426

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

0.001 Low

EPSS

Percentile

31.8%

JSON

Related for UB:CVE-2022-37426