CVE-2022-2653
Path Traversal in plankanban/planka
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 7.1EPSS 0.8%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
04 Aug 2022Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
With this vulnerability an attacker can read many sensitive files like configuration files, or the /proc/self/environ file, that contains the environment variable used by the web server that includes database credentials. If the web server user is root, an attacker will be able to read any file in the system.
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
Affected products
plankanban · plankanban/planka