CVE-2022-29180
May 07, 2022
A vulnerability in which attackers could forge HTTP requests to manipulate the "charm" data directory to access or delete anything on the server. This has been patched and is available in release "v0.12.1" (https://github.com/charmbracelet/charm/releases/tag/v0.12.1). We recommend that all users running self-hosted "charm" instances update immediately. This vulnerability was found in-house and we haven't been notified of any potential exploiters. ### Additional notes * Encrypted user data uploaded to the Charm server is safe as Charm servers cannot decrypt user data. This includes filenames, paths, and all key-value data. * Users running the official Charm "Docker images" (https://github.com/charmbracelet/charm/blob/main/docker.md) are at minimal risk because the exploit is limited to the containerized filesystem.
Affected Packages
github.com/charmbracelet/charm (GO):
Affected version(s) >=v0.9.0 <v0.12.1Fix Suggestion:
Update to version v0.12.1Additional Notes
The description of this vulnerability differs from MITRE.
Related Resources (5)
Do you need more information?
Contact UsCVSS v4
Base Score:
6
Attack Vector
NETWORK
Attack Complexity
HIGH
Attack Requirements
NONE
Privileges Required
LOW
User Interaction
NONE
Vulnerable System Confidentiality
HIGH
Vulnerable System Integrity
LOW
Vulnerable System Availability
NONE
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
5.9
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
LOW
Availability
NONE
CVSS v2
Base Score:
7.5
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
Weakness Type (CWE)
Server-Side Request Forgery (SSRF)
EPSS
Base Score:
0.25
