nvd-json-data-feeds/CVE-2022/CVE-2022-434xx/CVE-2022-43451.json

{
  "id": "CVE-2022-43451",
  "sourceIdentifier": "scy@openharmony.io",
  "published": "2022-11-03T20:15:33.867",
  "lastModified": "2024-11-21T07:26:30.713",
  "vulnStatus": "Modified",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "OpenHarmony-v3.1.2 and prior versions had an Multiple path traversal vulnerability in appspawn and nwebspawn services. Local attackers can create arbitrary directories or escape application sandbox.If chained with other vulnerabilities it would allow an unprivileged process to gain full root privileges."
    },
    {
      "lang": "es",
      "value": "OpenHarmony-v3.1.2 y versiones anteriores ten\u00edan una vulnerabilidad de Multiple path traversal en los servicios appspawn y nwebspawn. Los atacantes locales pueden crear directorios arbitrarios o escapar de la zona de pruebas de la aplicaci\u00f3n. Si se encadena con otras vulnerabilidades, permitir\u00eda que un proceso sin privilegios obtuviera privilegios completos del root."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "scy@openharmony.io",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "baseScore": 8.4,
          "baseSeverity": "HIGH",
          "attackVector": "LOCAL",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH"
        },
        "exploitabilityScore": 2.5,
        "impactScore": 5.9
      },
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "attackVector": "LOCAL",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "CHANGED",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "availabilityImpact": "NONE"
        },
        "exploitabilityScore": 2.0,
        "impactScore": 4.0
      }
    ]
  },
  "weaknesses": [
    {
      "source": "scy@openharmony.io",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ]
    },
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:openharmony:openharmony:*:*:*:*:*:*:*:*",
              "versionStartIncluding": "3.1",
              "versionEndIncluding": "3.1.2",
              "matchCriteriaId": "C026D184-A8AE-4DE6-A339-EA4469DDD4E7"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2022/2022-11.md",
      "source": "scy@openharmony.io",
      "tags": [
        "Third Party Advisory"
      ]
    },
    {
      "url": "https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2022/2022-11.md",
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ]
    }
  ]
}