CVE-2022-0072

{"id": "CVE-2022-0072", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "psirt@paloaltonetworks.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2022-10-27T20:15:12.417", "references": [{"url": "https://github.com/litespeedtech/openlitespeed/blob/v1.7.16.1/src/main/httpserver.cpp#L2060-L2061", "tags": ["Exploit", "Third Party Advisory"], "source": "psirt@paloaltonetworks.com"}, {"url": "https://github.com/litespeedtech/openlitespeed/blob/v1.7.16/src/main/httpserver.cpp#L2060-L2061", "tags": ["Exploit", "Third Party Advisory"], "source": "psirt@paloaltonetworks.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}, {"type": "Secondary", "source": "psirt@paloaltonetworks.com", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "Directory Traversal vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and\u00a0LiteSpeed Web Server dashboards allows Path Traversal. This affects versions from 1.5.11 through 1.5.12, from 1.6.5 through 1.6.20.1, from 1.7.0 before 1.7.16.1"}, {"lang": "es", "value": "Vulnerabilidad de Directory Traversal en LiteSeep Technologies OpenLiteSpeed ??Web Server y LiteSpeed ??Web Server permite Path Traversal. Esto afecta a las versiones desde la 1.5.11 hasta la 1.5.12, desde la 1.6.5 hasta la 1.6.20.1, desde la 1.7.0 anterior a la 1.7.16.1."}], "lastModified": "2023-11-07T03:40:56.473", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:litespeedtech:openlitespeed:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0FD4E9B6-0BFE-44D2-83AA-1EFBDC0BC2AB", "versionEndIncluding": "1.6.20.1", "versionStartIncluding": "1.6.5"}, {"criteria": "cpe:2.3:a:litespeedtech:openlitespeed:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "96987D69-D7A7-4ACD-81B9-339C096AD9D8", "versionEndExcluding": "1.7.16.1", "versionStartIncluding": "1.7.0"}, {"criteria": "cpe:2.3:a:litespeedtech:openlitespeed:1.5.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "093A8797-4DA4-4B8A-B9FE-1D7CD11225AE"}, {"criteria": "cpe:2.3:a:litespeedtech:openlitespeed:1.5.12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "75720FC7-7158-4301-A055-E292CEDFF4DB"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@paloaltonetworks.com"}