Description
With this vulnerability an attacker can read many sensitive files like configuration files, or the /proc/self/environ file, that contains the environment variable used by the web server that includes database credentials. If the web server user is root, an attacker will be able to read any file in the system.
References
https://github.com/plankanban/planka/commit/ac1df5201dfdaf68d37f7e1b272bc137870d7418
PatchThird Party Advisory
https://huntr.dev/bounties/5dff7cf9-8bb2-4f67-a02d-b94db5009d70
ExploitIssue TrackingPatchThird Party Advisory
CVSS impact metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 · Medium
CVSS V3.1
CVSS V3.0
CVSS V2.0
Information
Source identifier
Vulnerability status
Analyzed
Published
2022-08-04T10:15:08.060
2 years agoLast modified
2022-08-10T13:48:50.183
2 years ago