CVE-2022-21132

Directory traversal vulnerability in pfSense-pkg-WireGuard pfSense-pkg-WireGuard 0.1.5 versions prior to 0.1.5_4 and pfSense-pkg-WireGuard 0.1.6 versions prior to 0.1.6_1 allows a remote authenticated attacker to lead a pfSense user to view a file outside the public folder.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:pfsense:pfsense-pkg-wireguard:*:*:*:*:*:*:*:*
cpe:2.3:a:pfsense:pfsense-pkg-wireguard:0.1.6:*:*:*:*:*:*:*

History

15 Mar 2022, 19:54

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : 4.0
v3 : 6.5
CPE cpe:2.3:a:pfsense:pfsense-pkg-wireguard:0.1.6:*:*:*:*:*:*:*
cpe:2.3:a:pfsense:pfsense-pkg-wireguard:*:*:*:*:*:*:*:*
CWE CWE-22
References (MISC) https://github.com/pfsense/FreeBSD-ports/commits/devel/net/pfSense-pkg-WireGuard - (MISC) https://github.com/pfsense/FreeBSD-ports/commits/devel/net/pfSense-pkg-WireGuard - Patch, Third Party Advisory
References (MISC) https://jvn.jp/en/jp/JVN85572374/index.html - (MISC) https://jvn.jp/en/jp/JVN85572374/index.html - Third Party Advisory

10 Mar 2022, 17:54

Type Values Removed Values Added
New CVE

Information

Published : 2022-03-10 17:45

Updated : 2024-02-04 22:29


NVD link : CVE-2022-21132

Mitre link : CVE-2022-21132

CVE.ORG link : CVE-2022-21132


JSON object : View

Products Affected

pfsense

  • pfsense-pkg-wireguard
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')