CVE-2022-0074

Untrusted Search Path vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server Container allows Privilege Escalation. This affects versions from 1.6.15 before 1.7.16.1.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/litespeedtech/ols-dockerfiles/blob/master/template/Dockerfile#L29	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:litespeedtech:openlitespeed:*:*:*:*:*:*:*:*

History

04 Nov 2022, 21:15

Type	Values Removed	Values Added
Summary	~~Untrusted Search Path vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server Container allows Privilege Escalation. This affects versions from 1.6.15 before 1.7.16.1.~~	Untrusted Search Path vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server Container allows Privilege Escalation. This affects versions from 1.6.15 before 1.7.16.1.

28 Oct 2022, 18:56

Type	Values Removed	Values Added
CPE		cpe:2.3:a:litespeedtech:openlitespeed::::::::
CWE		CWE-426
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 8.8
References	~~(MISC) https://github.com/litespeedtech/ols-dockerfiles/blob/master/template/Dockerfile#L29 -~~	(MISC) https://github.com/litespeedtech/ols-dockerfiles/blob/master/template/Dockerfile#L29 - Exploit, Third Party Advisory

27 Oct 2022, 20:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-10-27 20:15

Updated : 2024-02-04 22:51

NVD link : CVE-2022-0074

Mitre link : CVE-2022-0074

CVE.ORG link : CVE-2022-0074

JSON object : View

Products Affected

litespeedtech

openlitespeed

CWE

CWE-426

Untrusted Search Path

{"id": "CVE-2022-0074", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "psirt@paloaltonetworks.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2022-10-27T20:15:12.917", "references": [{"url": "https://github.com/litespeedtech/ols-dockerfiles/blob/master/template/Dockerfile#L29", "tags": ["Exploit", "Third Party Advisory"], "source": "psirt@paloaltonetworks.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-426"}]}, {"type": "Secondary", "source": "psirt@paloaltonetworks.com", "description": [{"lang": "en", "value": "CWE-426"}]}], "descriptions": [{"lang": "en", "value": "Untrusted Search Path vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and\u00a0LiteSpeed Web Server Container allows Privilege Escalation. This affects versions\u00a0from 1.6.15 before 1.7.16.1.\n"}, {"lang": "es", "value": "Vulnerabilidad de Untrusted Search Path en LiteSpeed ??Technologies OpenLiteSpeed ??Web Server y LiteSpeed ??Web Server Container permite la escalada de privilegios. Esto afecta a las versiones desde 1.6.15 anteriores a 1.7.16.1."}], "lastModified": "2023-11-07T03:40:56.680", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:litespeedtech:openlitespeed:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "36A5D7A1-346D-4015-BE77-4B58E9A685DF", "versionEndExcluding": "1.7.16.1", "versionStartIncluding": "1.6.15"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@paloaltonetworks.com"}