** DISPUTED ** FileZilla v3.59.0 allows attackers to obtain cleartext passwords of connected SSH or FTP servers via a memory dump.- NOTE: the vendor does not consider this a vulnerability.
References
Link | Resource |
---|---|
https://whichbuffer.medium.com/filezilla-client-cleartext-storage-of-sensitive-information-in-memory-vulnerability-83958c1e1643 | Exploit Third Party Advisory |
https://youtu.be/ErZl1i7McHk | Exploit Third Party Advisory |
https://youtu.be/eSlfQQytIq0 | Broken Link |
Configurations
History
09 Nov 2022, 17:50
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:filezilla-project:filezilla_client:3.59.0:*:*:*:*:*:*:* |
17 Jun 2022, 16:44
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:filezilla-project:filezilla:3.59.0:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : 4.3
v3 : 6.5 |
CWE | CWE-312 | |
References | (MISC) https://youtu.be/eSlfQQytIq0 - Broken Link | |
References | (MISC) https://youtu.be/ErZl1i7McHk - Exploit, Third Party Advisory | |
References | (MISC) https://whichbuffer.medium.com/filezilla-client-cleartext-storage-of-sensitive-information-in-memory-vulnerability-83958c1e1643 - Exploit, Third Party Advisory |
09 Jun 2022, 16:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
07 Jun 2022, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-06-07 21:15
Updated : 2024-08-03 07:15
NVD link : CVE-2022-29620
Mitre link : CVE-2022-29620
CVE.ORG link : CVE-2022-29620
JSON object : View
Products Affected
filezilla-project
- filezilla_client
CWE
CWE-312
Cleartext Storage of Sensitive Information