Vulnerability DatabaseCVE-2022-39296
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2022-39296
October 11, 2022
MelisAssetManager provides deliveries of Melis Platform's assets located in every module's public folder. Attackers can read arbitrary files on affected versions of "melisplatform/melis-asset-manager", leading to the disclosure of sensitive information. Conducting this attack does not require authentication. Users should immediately upgrade to "melisplatform/melis-asset-manager" >= 5.0.1. This issue was addressed by restricting access to files to intended directories only.
Related Resources (5)
https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/39xxx/CVE-2022-39296.json
https://github.com/melisplatform/melis-asset-manager/commit/a0f75918c049aff78953a0bc91c585153595d1bd
https://github.com/melisplatform/melis-asset-manager/security/advisories/GHSA-7fj2-rrq6-rphq
https://github.com/melisplatform/melis-asset-manager
https://nvd.nist.gov/vuln/detail/CVE-2022-39296
Do you need more information?
Contact Us
CVSS v4
Base Score:
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
NONE
Vulnerable System Confidentiality
HIGH
Vulnerable System Integrity
LOW
Vulnerable System Availability
LOW
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
8.6
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
LOW
Availability
LOW
Weakness Type (CWE)
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-22
EPSS
Base Score:
0.44