Home > Vulnerability Database > CVE-2022-2653

Mend.io Vulnerability Database

CVE-2022-2653

Good to know:

Date: August 4, 2022

With this vulnerability an attacker can read many sensitive files like configuration files, or the /proc/self/environ file, that contains the environment variable used by the web server that includes database credentials. If the web server user is root, an attacker will be able to read any file in the system.

Language: JS

Severity Score

6.5

Related Resources (4)

Url: https://github.com/plankanban/planka/commit/ac1df5201dfdaf68d37f7e1b272bc137870d7418

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-2653

Url: https://huntr.dev/bounties/5dff7cf9-8bb2-4f67-a02d-b94db5009d70

Url: https://www.mend.io/vulnerability-database/CVE-2022-2653

Severity Score

6.5

Weakness Type (CWE)

Path Traversal

CWE-22

Top Fix

Upgrade Version

Upgrade to version v1.5.2

Learn More

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2022-2653

Good to know:

Date: August 4, 2022

Language: JS

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?