CVE-2021-44674 — Path Traversal in Open-audit

CWE-22 — Path Traversal2 documents2 sources

Severity

6.5MEDIUMNVD

EPSS

0.4%

top 37.95%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Opmantek Open-audit

Timeline

PublishedJan 3

Latest updateJan 4

Description

An information exposure issue has been discovered in Opmantek Open-AudIT 4.2.0. The vulnerability allows an authenticated attacker to read file outside of the restricted directory.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages1 packages

▶NVDopmantek/open-audit4.2.0

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-g8vf-4345-rm84: An information exposure issue has been discovered in Opmantek Open-AudIT 4↗2022-01-04

▶