CVE-2022-28784 — Path Traversal in Mobile Devices

CWE-22 — Path Traversal3 documents3 sources

Severity

3.3LOWNVD

CNA4.0

EPSS

0.0%

top 94.46%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Samsung Mobile Devices Google Android

Timeline

PublishedMay 3

Latest updateMay 4

Description

Path traversal vulnerability in Galaxy Themes prior to SMR May-2022 Release 1 allows attackers to list file names in arbitrary directory as system user. The patch addresses incorrect implementation of file path validation check logic.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 1.8 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5samsung_mobile/samsung_mobile_devicesQ(10), R(11), S(12) — SMR May-2022 Release 1

▶NVDgoogle/android10.0, 11.0, 12.0+2

🔴Vulnerability Details

GHSA

GHSA-v9mv-xwff-7whp: Path traversal vulnerability in Galaxy Themes prior to SMR May-2022 Release 1 allows attackers to list file names in arbitrary directory as system use↗2022-05-04

▶

CVEList

CVE-2022-28784: Path traversal vulnerability in Galaxy Themes prior to SMR May-2022 Release 1 allows attackers to list file names in arbitrary directory as system use↗2022-05-03

▶