CVE-2022-2653
7.1
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
Summary
With this vulnerability an attacker can read many sensitive files like configuration files, or the /proc/self/environ file, that contains the environment variable used by the web server that includes database credentials. If the web server user is root, an attacker will be able to read any file in the system.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| plankanban | plankanban/planka | unspecified < 1.5.1 | affected |
Weaknesses
- CWE-22: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
ADP Enrichment
CVE Program Container
Additional References
- https://huntr.dev/bounties/5dff7cf9-8bb2-4f67-a02d-b94db5009d70
- https://github.com/plankanban/planka/commit/ac1df5201dfdaf68d37f7e1b272bc137870d7418
References
- https://huntr.dev/bounties/5dff7cf9-8bb2-4f67-a02d-b94db5009d70
- https://github.com/plankanban/planka/commit/ac1df5201dfdaf68d37f7e1b272bc137870d7418
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.