CVE-2022-0517Unrestricted File Upload in Mozilla VPN

CWE-434Unrestricted File Upload4 documents4 sources
Severity
7.8HIGHNVD
EPSS
0.0%
top 87.59%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Mozilla VPNMozilla VPN
Timeline
PublishedDec 22

Description

Mozilla VPN can load an OpenSSL configuration file from an unsecured directory. A user or attacker with limited privileges could leverage this to launch arbitrary code with SYSTEM privilege. This vulnerability affects Mozilla VPN < 2.7.1.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

NVDmozilla/vpn< 2.7.1
CVEListV5mozilla/mozilla_vpnunspecified2.7.1

🔴Vulnerability Details

2
CVEList
CVE-2022-0517: Mozilla VPN can load an OpenSSL configuration file from an unsecured directory2022-12-22
GHSA
GHSA-4vgm-pr2v-749c: Mozilla VPN can load an OpenSSL configuration file from an unsecured directory2022-12-22

📋Vendor Advisories

1
Mozilla
Mozilla Foundation Security Advisory 2022-08: CVE-2022-0517
CVE-2022-0517 — Unrestricted File Upload in Mozilla VPN | cvebase