CVE-2022-25377

The ACME-challenge endpoint in Appwrite 0.5.0 through 0.12.x before 0.12.2 allows remote attackers to read arbitrary local files via ../ directory traversal. In order to be vulnerable, APP_STORAGE_CERTIFICATES/.well-known/acme-challenge must exist on disk. (This pathname is automatically created if the user chooses to install Let's Encrypt certificates via Appwrite.)
Path Traversal
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
CISA-ADPADP
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 29%
VendorProductVersion
appwriteappwrite
0.5.0 ≤
𝑥
< 0.12.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://dubell.io/unauthenticated-lfi-in-appwrite-0.5.0-0.12.1/
https://github.com/appwrite/appwrite/blob/0.12.0/app/controllers/general.php#L539
https://github.com/appwrite/appwrite/pull/2780
https://github.com/appwrite/appwrite/releases/tag/0.12.2
https://dubell.io/unauthenticated-lfi-in-appwrite-0.5.0-0.12.1/
https://github.com/appwrite/appwrite/blob/0.12.0/app/controllers/general.php#L539
https://github.com/appwrite/appwrite/pull/2780
https://github.com/appwrite/appwrite/releases/tag/0.12.2