← volver
CVE-2022-2653

Path Traversal in plankanban/planka

CVSS 7.1 HIGHEPSS 0.8%CWE-22
Vexday Risk Score
21Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 7.1EPSS 0.8%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
04 ago 2022Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
With this vulnerability an attacker can read many sensitive files like configuration files, or the /proc/self/environ file, that contains the environment variable used by the web server that includes database credentials. If the web server user is root, an attacker will be able to read any file in the system.
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N