CVE-2022-28544

CWE-22 — Path Traversal5 documents4 sources

Severity

5.5MEDIUM

EPSS

0.3%

top 47.57%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Samsung Mobile Galaxy Store Samsung Galaxy Store

Timeline

PublishedApr 11

Latest updateMay 27

Description

Path traversal vulnerability in unzip method of InstallAgentCommonHelper in Galaxy store prior to version 4.5.40.5 allows attacker to access the file of Galaxy store.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 2.5 | Impact: 3.6

Affected Packages2 packages

▶NVDsamsung/galaxy_store< 4.5.40.5

▶CVEListV5samsung_mobile/galaxy_store- — 4.5.40.5

🔴Vulnerability Details

OSV

subversion vulnerabilities↗2022-05-27

▶

GHSA

GHSA-h4gj-h272-9fcm: Path traversal vulnerability in unzip method of InstallAgentCommonHelper in Galaxy store prior to version 4↗2022-04-12

▶

OSV

subversion vulnerabilities↗2022-04-12

▶

CVEList

CVE-2022-28544: Path traversal vulnerability in unzip method of InstallAgentCommonHelper in Galaxy store prior to version 4↗2022-04-11

▶