CVE-2022-0074

Untrusted Search Path vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server Container allows Privilege Escalation. This affects versions from 1.6.15 before 1.7.16.1.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/litespeedtech/ols-dockerfiles/blob/master/template/Dockerfile#L29	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:litespeedtech:openlitespeed:*:*:*:*:*:*:*:*

History

07 Nov 2023, 03:40

Type	Values Removed	Values Added
Summary	Untrusted Search Path vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server Container allows Privilege Escalation. This affects versions from 1.6.15 before 1.7.16.1.	Untrusted Search Path vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server Container allows Privilege Escalation. This affects versions from 1.6.15 before 1.7.16.1.

Information

Published : 2022-10-27 20:15

Updated : 2024-02-28 19:29

NVD link : CVE-2022-0074

Mitre link : CVE-2022-0074

CVE.ORG link : CVE-2022-0074

JSON object : View

Products Affected

litespeedtech

openlitespeed

CWE

CWE-426

Untrusted Search Path

{"id": "CVE-2022-0074", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "psirt@paloaltonetworks.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2022-10-27T20:15:12.917", "references": [{"url": "https://github.com/litespeedtech/ols-dockerfiles/blob/master/template/Dockerfile#L29", "tags": ["Exploit", "Third Party Advisory"], "source": "psirt@paloaltonetworks.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-426"}]}, {"type": "Secondary", "source": "psirt@paloaltonetworks.com", "description": [{"lang": "en", "value": "CWE-426"}]}], "descriptions": [{"lang": "en", "value": "Untrusted Search Path vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and\u00a0LiteSpeed Web Server Container allows Privilege Escalation. This affects versions\u00a0from 1.6.15 before 1.7.16.1.\n"}, {"lang": "es", "value": "Vulnerabilidad de Untrusted Search Path en LiteSpeed ??Technologies OpenLiteSpeed ??Web Server y LiteSpeed ??Web Server Container permite la escalada de privilegios. Esto afecta a las versiones desde 1.6.15 anteriores a 1.7.16.1."}], "lastModified": "2023-11-07T03:40:56.680", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:litespeedtech:openlitespeed:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "36A5D7A1-346D-4015-BE77-4B58E9A685DF", "versionEndExcluding": "1.7.16.1", "versionStartIncluding": "1.6.15"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@paloaltonetworks.com"}