Widoco WidocoUtils.java unZipIt path traversal

A vulnerability was found in Widoco and classified as critical. Affected by this issue is the function unZipIt of the file src/main/java/widoco/WidocoUtils.java. The manipulation leads to path traversal. Using CWE to declare the problem leads to CWE-22. The weakness was shared 12/27/2022 as 551. The advisory is available at github.com. This vulnerability is handled as CVE-2022-4772. It is possible to launch the attack on the local host. Technical details are available. There is no exploit available. The structure of the vulnerability defines a possible price range of USD $0-$5k at the moment. This vulnerability is assigned to T1006 by the MITRE ATT&CK project. It is declared as not defined. As 0-day the estimated underground price was around $0-$5k. The patch is identified as f2279b76827f32190adfa9bd5229b7d5a147fa92. The bugfix is ready for download at github.com. It is recommended to apply a patch to fix this issue. A possible mitigation has been published before and not just after the disclosure of the vulnerability.

Field12/27/2022 23:5201/25/2023 09:5601/25/2023 10:00
nameWidocoWidocoWidoco
filesrc/main/java/widoco/WidocoUtils.javasrc/main/java/widoco/WidocoUtils.javasrc/main/java/widoco/WidocoUtils.java
functionunZipItunZipItunZipIt
cwe22 (path traversal)22 (path traversal)22 (path traversal)
risk222
cvss3_vuldb_avLLL
cvss3_vuldb_acHHH
cvss3_vuldb_prLLL
cvss3_vuldb_uiNNN
cvss3_vuldb_sUUU
cvss3_vuldb_cLLL
cvss3_vuldb_iLLL
cvss3_vuldb_aLLL
cvss3_vuldb_rlOOO
cvss3_vuldb_rcCCC
identifier551551551
urlhttps://github.com/dgarijo/Widoco/pull/551https://github.com/dgarijo/Widoco/pull/551https://github.com/dgarijo/Widoco/pull/551
namePatchPatchPatch
patch_namef2279b76827f32190adfa9bd5229b7d5a147fa92f2279b76827f32190adfa9bd5229b7d5a147fa92f2279b76827f32190adfa9bd5229b7d5a147fa92
patch_urlhttps://github.com/dgarijo/Widoco/commit/f2279b76827f32190adfa9bd5229b7d5a147fa92https://github.com/dgarijo/Widoco/commit/f2279b76827f32190adfa9bd5229b7d5a147fa92https://github.com/dgarijo/Widoco/commit/f2279b76827f32190adfa9bd5229b7d5a147fa92
cveCVE-2022-4772CVE-2022-4772CVE-2022-4772
responsibleVulDBVulDBVulDB
date1672095600 (12/27/2022)1672095600 (12/27/2022)1672095600 (12/27/2022)
cvss2_vuldb_avLLL
cvss2_vuldb_acHHH
cvss2_vuldb_ciPPP
cvss2_vuldb_iiPPP
cvss2_vuldb_aiPPP
cvss2_vuldb_rcCCC
cvss2_vuldb_rlOFOFOF
cvss2_vuldb_auSSS
cvss2_vuldb_eNDNDND
cvss3_vuldb_eXXX
cvss2_vuldb_basescore3.53.53.5
cvss2_vuldb_tempscore3.03.03.0
cvss3_vuldb_basescore4.54.54.5
cvss3_vuldb_tempscore4.34.34.3
cvss3_meta_basescore4.54.55.6
cvss3_meta_tempscore4.34.35.5
price_0day$0-$5k$0-$5k$0-$5k
cve_assigned1672095600 (12/27/2022)1672095600 (12/27/2022)
cve_nvd_summaryA vulnerability was found in Widoco and classified as critical. Affected by this issue is the function unZipIt of the file src/main/java/widoco/WidocoUtils.java. The manipulation leads to path traversal. It is possible to launch the attack on the local host. The name of the patch is f2279b76827f32190adfa9bd5229b7d5a147fa92. It is recommended to apply a patch to fix this issue. VDB-216914 is the identifier assigned to this vulnerability.A vulnerability was found in Widoco and classified as critical. Affected by this issue is the function unZipIt of the file src/main/java/widoco/WidocoUtils.java. The manipulation leads to path traversal. It is possible to launch the attack on the local host. The name of the patch is f2279b76827f32190adfa9bd5229b7d5a147fa92. It is recommended to apply a patch to fix this issue. VDB-216914 is the identifier assigned to this vulnerability.
cvss3_nvd_avL
cvss3_nvd_acL
cvss3_nvd_prL
cvss3_nvd_uiN
cvss3_nvd_sU
cvss3_nvd_cH
cvss3_nvd_iH
cvss3_nvd_aH
cvss3_cna_avL
cvss3_cna_acH
cvss3_cna_prL
cvss3_cna_uiN
cvss3_cna_sU
cvss3_cna_cL
cvss3_cna_iL
cvss3_cna_aL
cve_cnaVulDB
cvss3_nvd_basescore7.8
cvss3_cna_basescore4.5

PreviousOverviewNext

Want to stay up to date on a daily basis?

Enable the mail alert feature now!