Description

With this vulnerability an attacker can read many sensitive files like configuration files, or the /proc/self/environ file, that contains the environment variable used by the web server that includes database credentials. If the web server user is root, an attacker will be able to read any file in the system.

Related CPE's

a

planka

planka

Vulnerable

References

https://github.com/plankanban/planka/commit/ac1df5201dfdaf68d37f7e1b272bc137870d7418

PatchThird Party Advisory

https://huntr.dev/bounties/5dff7cf9-8bb2-4f67-a02d-b94db5009d70

ExploitIssue TrackingPatchThird Party Advisory

Weaknesses

[email protected]

Primary
CWE-22

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.5 · Medium

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2022-08-04T10:15:08.060

2 years ago

Last modified

2022-08-10T13:48:50.183

2 years ago