Vulnerability Details : CVE-2022-30625
Directory listing is a web server function that displays the directory contents when there is no index file in a specific website directory. A directory listing provides an attacker with the complete index of all the resources located inside of the directory. The specific risks and consequences vary depending on which files are listed and accessible.
Vulnerability category: Information leak
Products affected by CVE-2022-30625
- cpe:2.3:o:chcnav:p5e_gnss_firmware:4.2:*:*:*:*:*:*:*
- cpe:2.3:o:chcnav:p5e_gnss_firmware:4.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-30625
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 10 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-30625
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
5.7
|
MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L |
1.5
|
3.7
|
Israel National Cyber Directorate | |
|
5.3
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
3.9
|
1.4
|
NIST |
CWE ids for CVE-2022-30625
-
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.Assigned by: nvd@nist.gov (Primary)
-
The product inappropriately exposes a directory listing with an index of all the resources located inside of the directory.Assigned by: cna@cyber.gov.il (Secondary)
References for CVE-2022-30625
-
https://www.gov.il/en/Departments/faq/cve_advisories
CVE Advisories | Israel National Cyber DirectorateThird Party Advisory
Jump to