CVE-2022-4968 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	6.5 MEDIUM	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
canonical	CNA	6.5 MEDIUM	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
CISA-ADP	ADP	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 57%

Vendor	Product	Version
canonical	netplan	𝑥 < 1.0.1

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

netplan.io

bullseye	no-dsa
bookworm	no-dsa
buster	postponed
sid	1.1.1-1 fixed
trixie	1.1.1-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

netplan.io

noble	Fixed 1.0-2ubuntu1.1 released
mantic	Fixed 0.107-5ubuntu0.3 released
jammy	Fixed 0.106.1-7ubuntu0.22.04.3 released
focal	Fixed 0.104-0ubuntu2~20.04.5 released
bionic	needed

Known Exploits!

Common Weakness Enumeration

CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere
The application does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the application does.

References

https://bugs.launchpad.net/netplan/+bug/1987842

https://bugs.launchpad.net/ubuntu/+source/netplan.io/+bug/2065738

https://github.com/canonical/netplan/commit/4c39b75b5c6ae7d976bda6da68da60d9a7f085ee

https://www.cve.org/CVERecord?id=CVE-2022-4968

https://bugs.launchpad.net/netplan/+bug/1987842

https://bugs.launchpad.net/ubuntu/+source/netplan.io/+bug/2065738

https://github.com/canonical/netplan/commit/4c39b75b5c6ae7d976bda6da68da60d9a7f085ee

https://www.cve.org/CVERecord?id=CVE-2022-4968