CVE-2022-42725 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 68%

Affected Products (NVD)

Vendor	Product	Version
linuxmint	warpinator	𝑥 ≤ 1.2.14

𝑥

= Vulnerable software versions

Known Exploits!

Common Weakness Enumeration

CWE-59 - Improper Link Resolution Before File Access ('Link Following')
The software attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

References

http://www.openwall.com/lists/oss-security/2022/10/24/1

http://www.openwall.com/lists/oss-security/2023/04/26/1

https://github.com/linuxmint/warpinator/commit/5244c33d4c109ede9607b9d94461650410e2cddc

https://github.com/linuxmint/warpinator/commit/8bfd2f8b3f1b0c0f0a5a6d275702d107b9e08a94

https://github.com/linuxmint/warpinator/commit/95124fd4468683dd69ddd7b3da0e9906ce6beae2

https://github.com/linuxmint/warpinator/commit/f4907ef6a17a189d56ab0a9da4b53190b061ad75

http://www.openwall.com/lists/oss-security/2022/10/24/1

http://www.openwall.com/lists/oss-security/2023/04/26/1

https://github.com/linuxmint/warpinator/commit/5244c33d4c109ede9607b9d94461650410e2cddc

https://github.com/linuxmint/warpinator/commit/8bfd2f8b3f1b0c0f0a5a6d275702d107b9e08a94

https://github.com/linuxmint/warpinator/commit/95124fd4468683dd69ddd7b3da0e9906ce6beae2

https://github.com/linuxmint/warpinator/commit/f4907ef6a17a189d56ab0a9da4b53190b061ad75