Vulnerability Details : CVE-2022-4772
A vulnerability was found in Widoco and classified as critical. Affected by this issue is the function unZipIt of the file src/main/java/widoco/WidocoUtils.java. The manipulation leads to path traversal. It is possible to launch the attack on the local host. The name of the patch is f2279b76827f32190adfa9bd5229b7d5a147fa92. It is recommended to apply a patch to fix this issue. VDB-216914 is the identifier assigned to this vulnerability.
Vulnerability category: Directory traversal
Products affected by CVE-2022-4772
- cpe:2.3:a:widoco_project:widoco:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-4772
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 6 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-4772
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.5
|
MEDIUM | CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L |
1.0
|
3.4
|
VulDB | |
4.5
|
MEDIUM | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L |
1.0
|
3.4
|
VulDB | 2024-02-29 |
7.8
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
NIST |
CWE ids for CVE-2022-4772
-
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.Assigned by: cna@vuldb.com (Primary)
References for CVE-2022-4772
-
https://vuldb.com/?id.216914
CVE-2022-4772 | Widoco WidocoUtils.java unZipIt path traversal (ID 551)Third Party Advisory
-
https://github.com/dgarijo/Widoco/pull/551
[SECURITY] Fix Zip Slip Vulnerability by JLLeitschuh · Pull Request #551 · dgarijo/Widoco · GitHubThird Party Advisory
-
https://vuldb.com/?ctiid.216914
CVE-2022-4772 | Widoco WidocoUtils.java unZipIt path traversal (ID 551)Third Party Advisory
-
https://github.com/dgarijo/Widoco/commit/f2279b76827f32190adfa9bd5229b7d5a147fa92
vuln-fix: Zip Slip Vulnerability · dgarijo/Widoco@f2279b7 · GitHubPatch;Third Party Advisory
Jump to