ByteOS Network

NVD Vulnerability Details :

CVE-2022-4563

Modified

Source-cna@vuldb.com

Published At-16 Dec, 2022 | 17:15

Updated At-07 Nov, 2023 | 03:58

A vulnerability was found in Freedom of the Press SecureDrop. It has been rated as critical. Affected by this issue is some unknown functionality of the file gpg-agent.conf. The manipulation leads to symlink following. Local access is required to approach this attack. The name of the patch is b0526a06f8ca713cce74b63e00d3730618d89691. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-215972.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Secondary	3.1	7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CPE Matches

freedom>>securedrop>>Versions before 2.5.1(exclusive)

cpe:2.3:a:freedom:securedrop:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-59	Primary	cna@vuldb.com

References

Hyperlink	Source	Resource
https://github.com/freedomofpress/securedrop/commit/b0526a06f8ca713cce74b63e00d3730618d89691	cna@vuldb.com	Patch Third Party Advisory
https://github.com/freedomofpress/securedrop/compare/2.5.0...2.5.1	cna@vuldb.com	N/A
https://github.com/freedomofpress/securedrop/pull/6704	cna@vuldb.com	Third Party Advisory
https://securedrop.org/news/2_5_1-security-advisory/	cna@vuldb.com	N/A
https://vuldb.com/?id.215972	cna@vuldb.com	Permissions Required Third Party Advisory

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History