CVE-2022-3389

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2022-3389
Path Traversal in GitHub repository ikus060/rdiffweb prior to 2.4.10.

7.5 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://huntr.dev/bounties/f7d2a6ab-2faf-4719-bdb6-e4e5d6065752 Exploit Third Party Advisory
https://github.com/ikus060/rdiffweb/commit/323383d1db656f1b1291be529947bd943a6b0e99 Patch Third Party Advisory
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

cpe:2.3:a:ikus-soft:rdiffweb:*:*:*:*:*:*:*:*
Information

Published : 2022-10-06 11:16

Updated : 2022-10-06 16:36

NVD link : CVE-2022-3389

Mitre link : CVE-2022-3389

JSON object : View

CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Advertisement

dedicated server usa
Products Affected

ikus-soft

  • rdiffweb