CVE-2022-39296
Last modified
CVE-2022-39296 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. MelisAssetManager provides deliveries of Melis Platform's assets located in every module's public folder. Attackers can read arbitrary files on affected versions of `melisplatform/melis-asset-manager`, leading to the disclosure of sensitive information. EPSS estimates a 1.47% chance of exploitation in the next 30 days.
Description
MelisAssetManager provides deliveries of Melis Platform's assets located in every module's public folder. Attackers can read arbitrary files on affected versions of `melisplatform/melis-asset-manager`, leading to the disclosure of sensitive information. Conducting this attack does not require authentication. Users should immediately upgrade to `melisplatform/melis-asset-manager` >= 5.0.1. This issue was addressed by restricting access to files to intended directories only.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Melistechnology | Melis-Asset-Manager | < 5.0.1 |
References
- https://github.com/melisplatform/melis-asset-manager/commit/a0f75918c049aff78953a0bc91c585153595d1bdPatch, Third Party Advisory
- https://github.com/melisplatform/melis-asset-manager/security/advisories/GHSA-7fj2-rrq6-rphqPatch, Third Party Advisory
- https://github.com/melisplatform/melis-asset-manager/commit/a0f75918c049aff78953a0bc91c585153595d1bdPatch, Third Party Advisory
- https://github.com/melisplatform/melis-asset-manager/security/advisories/GHSA-7fj2-rrq6-rphqPatch, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2022-39296?
How severe is CVE-2022-39296?
How do I fix CVE-2022-39296?
Are you affected by CVE-2022-39296?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST