CVE-2022-25937

Summary

Versions of the package glance before 3.0.9 are vulnerable to Directory Traversal that allows users to read files outside the public root directory. This is related to but distinct from the vulnerability reported in CVE-2018-3715.

Affected Software

VendorProductVersion RangeStatus
n/aglance0 < 3.0.9affected

Weaknesses

  • CWE-22: Directory Traversal

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References