CVE-2022-0724
Published 2022-02-23
CVE-2022-0724: Insecure Storage of Sensitive Information in GitHub repository microweber/microweber prior to 1.3.
Priority P432 · medium · 6.5 (CVSS 3.1)
AV:N / AC:L / PR:L / UI:N / S:U / C:H / I:N / A:N
EPSS: 1.33% (67.4th percentile)
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microweber | microweber | < 1.3 | 1.3 |
| microweber | microweber | >= 0 < 1.3 | 1.3 |
| microweber | microweber_microweber | >= unspecified < 1.3 | 1.3 |
CVSS provenance
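| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
| nvd | v3.0 | 9.1 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H |
| nvd | v2.0 | 4.0 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N |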
OSV
Insecure Storage of Sensitive Information in Microweber
osv·2022-02-24
CVE-2022-0724 [HIGH] Insecure Storage of Sensitive Information in Microweber
Microweber prior to version 1.3 does not strip images of EXIF data, exposing information about users' locations, device hardware, and device software.
GHSA
Insecure Storage of Sensitive Information in Microweber
ghsa·2022-02-24
CVE-2022-0724 [HIGH] CWE-922 Insecure Storage of Sensitive Information in Microweber
Microweber prior to version 1.3 does not strip images of EXIF data, exposing information about users' locations, device hardware, and device software.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2022-23222 kernel: local privileges escalation in kernel/bpf/verifier.c
bugzilla·2022-01-21·CVSS 7.8
CVE-2022-23222 [HIGH] CVE-2022-23222 kernel: local privileges escalation in kernel/bpf/verifier.c
Local privileges escalation possible because of the availability of pointer arithmetic via certain *_OR_NULL pointer types in kernel/bpf/verifier.c.
Reference:
https://www.openwall.com/lists/oss-security/2022/01/13/1
Discussion:
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 2043521]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8.6 Extended Update Support
Via RHSA-2024:0724 https://access.redhat.com/errata/RHSA-2024:0724
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2024:2950 https://access.redhat.com/errata/RHSA-2024:2950
---
This issue has been addressed in the following products:
Re
Bugzilla
CVE-2021-4204 kernel: improper input validation may lead to privilege escalation
bugzilla·2022-01-11·CVSS 7.1
CVE-2021-4204 [HIGH] CVE-2021-4204 kernel: improper input validation may lead to privilege escalation
An out of bounds (OOB) memory access flaw was found in the Linux kernel's eBPF due to an Improper Input Validation. This could allow a local attacker with a special privilege to crash the system or leak kernel internal information.
Reference:
https://www.openwall.com/lists/oss-security/2022/01/11/4
Discussion:
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 2039896]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8.6 Extended Update Support
Via RHSA-2024:0724 https://access.redhat.com/errata/RHSA-2024:0724
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2024:2950 https://access.redhat.com/e
https://github.com/microweber/microweber/commit/b592c86d2b927c0cae5b73b87fb541f25e777aa3
https://huntr.dev/bounties/0cdc4a29-dada-4264-b326-8b65b4f11062
Published: 2022-02-23