Vulnerability Description
With this vulnerability an attacker can read many sensitive files like configuration files, or the /proc/self/environ file, that contains the environment variable used by the web server that includes database credentials. If the web server user is root, an attacker will be able to read any file in the system.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Planka | Planka | < 1.5.1 |
Related Weaknesses (CWE)
References
- https://github.com/plankanban/planka/commit/ac1df5201dfdaf68d37f7e1b272bc137870dPatchThird Party Advisory
- https://huntr.dev/bounties/5dff7cf9-8bb2-4f67-a02d-b94db5009d70ExploitIssue TrackingPatch
- https://github.com/plankanban/planka/commit/ac1df5201dfdaf68d37f7e1b272bc137870dPatchThird Party Advisory
- https://huntr.dev/bounties/5dff7cf9-8bb2-4f67-a02d-b94db5009d70ExploitIssue TrackingPatch
FAQ
What is CVE-2022-2653?
CVE-2022-2653 is a vulnerability with a CVSS score of 6.5 (MEDIUM). With this vulnerability an attacker can read many sensitive files like configuration files, or the /proc/self/environ file, that contains the environment variable used by the web server that includes ...
How severe is CVE-2022-2653?
CVE-2022-2653 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-2653?
Check the references section above for vendor advisories and patch information. Affected products include: Planka Planka.