admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 09:11:28 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2022/CVE-2022-307xx/CVE-2022-30708.json
cad-safe-bot e6cbafdc40 Auto-Update: 2024-12-08T03:00:18.988682+00:00
2024-12-08 03:06:42 +00:00

247 lines
6.7 KiB
JSON
Raw Blame History

{
"id": "CVE-2022-30708",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-05-15T03:15:07.060",
"lastModified": "2024-11-21T07:03:13.387",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Webmin through 1.991, when the Authentic theme is used, allows remote code execution when a user has been manually created (i.e., not created in Virtualmin or Cloudmin). This occurs because settings-editor_write.cgi does not properly restrict the file parameter."
},
{
"lang": "es",
"value": "Webmin versiones hasta 1.991, cuando es usado el tema Authentic, permite una ejecuci\u00f3n de c\u00f3digo remota cuando un usuario ha sido creado manualmente (es decir, no ha sido creado en Virtualmin o Cloudmin). Esto ocurre porque settings-editor_write.cgi no restringe apropiadamente el par\u00e1metro de archivo"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve@mitre.org",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"baseScore": 6.5,
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL"
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.991",
"matchCriteriaId": "E7E66E77-42F1-435A-A63C-00C63E08F2AF"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/esp0xdeadbeef/rce_webmin",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://github.com/esp0xdeadbeef/rce_webmin/blob/main/exploit.py",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://github.com/webmin/authentic-theme/releases",
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Third Party Advisory"
]
},
{
"url": "https://github.com/webmin/webmin/commit/6a2334bf8b27d55c7edf0b2825cd14f3f8a69d4d",
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://github.com/webmin/webmin/issues/1635",
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
]
},
{
"url": "https://github.com/webmin/webmin/releases",
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Third Party Advisory"
]
},
{
"url": "https://webmin.com/changes.html",
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://www.twitch.tv/videos/1483029790",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://github.com/esp0xdeadbeef/rce_webmin",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://github.com/esp0xdeadbeef/rce_webmin/blob/main/exploit.py",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://github.com/webmin/authentic-theme/releases",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
]
},
{
"url": "https://github.com/webmin/webmin/commit/6a2334bf8b27d55c7edf0b2825cd14f3f8a69d4d",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://github.com/webmin/webmin/issues/1635",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
]
},
{
"url": "https://github.com/webmin/webmin/releases",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
]
},
{
"url": "https://webmin.com/changes.html",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://www.twitch.tv/videos/1483029790",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink