Skip to main content

Files or Directories Accessible to External Parties

CVE-2022-27193

Severity Medium
Score 5.5/10

Summary

CVRF-CSAF-Converter before 1.0.0rc2 resolves XML External Entities (XXE). This leads to the inclusion of arbitrary (local) file content into the generated output document. An attacker can exploit this to disclose information from the system running the converter.

  • LOW
  • LOCAL
  • NONE
  • UNCHANGED
  • REQUIRED
  • NONE
  • HIGH
  • NONE

CWE-552 - Files or Directories Accessible to External Parties

The product makes files or directories accessible to unauthorized actors, even though they should not be.

Advisory Timeline

  • Published