cvelist/2022/2xxx/CVE-2022-2653.json

{
    "CVE_data_meta": {
        "ASSIGNER": "security@huntr.dev",
        "ID": "CVE-2022-2653",
        "STATE": "PUBLIC",
        "TITLE": "Path Traversal in plankanban/planka"
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "product": {
                        "product_data": [
                            {
                                "product_name": "plankanban/planka",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_affected": "<",
                                            "version_value": "1.5.1"
                                        }
                                    ]
                                }
                            }
                        ]
                    },
                    "vendor_name": "plankanban"
                }
            ]
        }
    },
    "data_format": "MITRE",
    "data_type": "CVE",
    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "With this vulnerability an attacker can read many sensitive files like configuration files, or the /proc/self/environ file, that contains the environment variable used by the web server that includes database credentials. If the web server user is root, an attacker will be able to read any file in the system."
            }
        ]
    },
    "impact": {
        "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
            "version": "3.0"
        }
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"
                    }
                ]
            }
        ]
    },
    "references": {
        "reference_data": [
            {
                "name": "https://huntr.dev/bounties/5dff7cf9-8bb2-4f67-a02d-b94db5009d70",
                "refsource": "CONFIRM",
                "url": "https://huntr.dev/bounties/5dff7cf9-8bb2-4f67-a02d-b94db5009d70"
            },
            {
                "name": "https://github.com/plankanban/planka/commit/ac1df5201dfdaf68d37f7e1b272bc137870d7418",
                "refsource": "MISC",
                "url": "https://github.com/plankanban/planka/commit/ac1df5201dfdaf68d37f7e1b272bc137870d7418"
            }
        ]
    },
    "source": {
        "advisory": "5dff7cf9-8bb2-4f67-a02d-b94db5009d70",
        "discovery": "EXTERNAL"
    }
}
"-Synchronized-Data." 2022-08-04 09:00:48 +00:00			`{`
"-Synchronized-Data." 2022-08-04 10:00:50 +00:00			`"CVE_data_meta": {`
			`"ASSIGNER": "security@huntr.dev",`
			`"ID": "CVE-2022-2653",`
			`"STATE": "PUBLIC",`
			`"TITLE": "Path Traversal in plankanban/planka"`
			`},`
			`"affects": {`
			`"vendor": {`
			`"vendor_data": [`
			`{`
			`"product": {`
			`"product_data": [`
			`{`
			`"product_name": "plankanban/planka",`
			`"version": {`
			`"version_data": [`
			`{`
			`"version_affected": "<",`
			`"version_value": "1.5.1"`
			`}`
			`]`
			`}`
			`}`
			`]`
			`},`
			`"vendor_name": "plankanban"`
5dff7cf9-8bb2-4f67-a02d-b94db5009d70 2022-08-04 10:34:52 +01:00			`}`
			`]`
			`}`
"-Synchronized-Data." 2022-08-04 10:00:50 +00:00			`},`
			`"data_format": "MITRE",`
			`"data_type": "CVE",`
			`"data_version": "4.0",`
			`"description": {`
			`"description_data": [`
			`{`
			`"lang": "eng",`
			`"value": "With this vulnerability an attacker can read many sensitive files like configuration files, or the /proc/self/environ file, that contains the environment variable used by the web server that includes database credentials. If the web server user is root, an attacker will be able to read any file in the system."`
			`}`
			`]`
			`},`
			`"impact": {`
			`"cvss": {`
			`"attackComplexity": "LOW",`
			`"attackVector": "NETWORK",`
			`"availabilityImpact": "NONE",`
			`"baseScore": 7.1,`
			`"baseSeverity": "HIGH",`
			`"confidentialityImpact": "HIGH",`
			`"integrityImpact": "LOW",`
			`"privilegesRequired": "LOW",`
			`"scope": "UNCHANGED",`
			`"userInteraction": "NONE",`
			`"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",`
			`"version": "3.0"`
			`}`
			`},`
			`"problemtype": {`
			`"problemtype_data": [`
			`{`
			`"description": [`
			`{`
			`"lang": "eng",`
			`"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"`
			`}`
			`]`
			`}`
5dff7cf9-8bb2-4f67-a02d-b94db5009d70 2022-08-04 10:34:52 +01:00			`]`
"-Synchronized-Data." 2022-08-04 10:00:50 +00:00			`},`
			`"references": {`
			`"reference_data": [`
			`{`
			`"name": "https://huntr.dev/bounties/5dff7cf9-8bb2-4f67-a02d-b94db5009d70",`
			`"refsource": "CONFIRM",`
			`"url": "https://huntr.dev/bounties/5dff7cf9-8bb2-4f67-a02d-b94db5009d70"`
			`},`
			`{`
			`"name": "https://github.com/plankanban/planka/commit/ac1df5201dfdaf68d37f7e1b272bc137870d7418",`
			`"refsource": "MISC",`
			`"url": "https://github.com/plankanban/planka/commit/ac1df5201dfdaf68d37f7e1b272bc137870d7418"`
			`}`
			`]`
			`},`
			`"source": {`
			`"advisory": "5dff7cf9-8bb2-4f67-a02d-b94db5009d70",`
			`"discovery": "EXTERNAL"`
			`}`
"-Synchronized-Data." 2022-08-04 09:00:48 +00:00			`}`