With this vulnerability, an attacker can read many sensitive files, such as configuration files or the /proc/self/environ file, which contains the environment variables used by the web server, including database credentials. If the web server user is root, an attacker will be able to read any file on the system.
References
Link | Resource |
---|---|
https://github.com/plankanban/planka/commit/ac1df5201dfdaf68d37f7e1b272bc137870d7418 | Patch Third Party Advisory |
https://huntr.dev/bounties/5dff7cf9-8bb2-4f67-a02d-b94db5009d70 | Exploit Issue Tracking Patch Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: @huntrdev
Published: 2022-08-04T09:35:25
Updated: 2022-08-04T09:35:25
Reserved: 2022-08-04T00:00:00
Link: CVE-2022-2653
NVD Information
Status: Analyzed
Published: 2022-08-04T10:15:08.060
Modified: 2022-08-10T13:48:50.183
Link: CVE-2022-2653
Redhat Information
No data.
CWE