Vulnerability Details : CVE-2022-23470
Galaxy is an open-source platform for data analysis. An arbitrary file read exists in Galaxy 22.01 and Galaxy 22.05 due to the switch to Gunicorn, which can be used to read any file accessible to the operating system user under which Galaxy is running. This vulnerability affects Galaxy 22.01 and higher, after the switch to gunicorn, which serve static contents directly. Additionally, the vulnerability is mitigated when using Nginx or Apache to serve /static/* contents, instead of Galaxy's internal middleware. This issue has been patched in commit `e5e6bda4f` and will be included in future releases. Users are advised to manually patch their installations. There are no known workarounds for this vulnerability.
Vulnerability category: Directory traversal
Products affected by CVE-2022-23470
- cpe:2.3:a:galaxyproject:galaxy:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-23470
0.14%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 50 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-23470
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
3.9
|
3.6
|
NIST | |
8.6
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N |
3.9
|
4.0
|
GitHub, Inc. |
CWE ids for CVE-2022-23470
-
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.Assigned by:
- nvd@nist.gov (Primary)
- security-advisories@github.com (Secondary)
References for CVE-2022-23470
-
https://github.com/galaxyproject/galaxy/security/advisories/GHSA-grjf-2ghx-q77x
Directory traversal attack of static file serving. · Advisory · galaxyproject/galaxy · GitHubPatch;Third Party Advisory
-
https://github.com/galaxyproject/galaxy/commit/e5e6bda4f014f807ca77ee0cf6af777a55918346
Contain directory traversal for static files to host static root. · galaxyproject/galaxy@e5e6bda · GitHubPatch;Third Party Advisory
Jump to