Files or Directories Accessible to External Parties
CVE-2022-30428
Summary
In ginadmin prior to version v0.1.1-0.20220508032024-726109f01ad2, the incoming path value is not filtered, resulting in arbitrary file reading.
- LOW
- NETWORK
- NONE
- UNCHANGED
- NONE
- NONE
- HIGH
- NONE
CWE-552 - Files or Directories Accessible to External Parties
The product makes files or directories accessible to unauthorized actors, even though they should not be.
Advisory Timeline
- Published