Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
14 vulnerabilities found for passwork by passwork
CVE-2023-49949 (GCVE-0-2023-49949)
Vulnerability from cvelistv5 – Published: 2023-12-26 00:00 – Updated: 2024-08-02 22:09
VLAI
Summary
Passwork before 6.2.0 allows remote authenticated users to bypass 2FA by sending all one million of the possible 6-digit codes.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:09:49.616Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://passwork.ru/"
},
{
"tags": [
"x_transferred"
],
"url": "https://acribia.ru/articles/2fa_bypass_passwork"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Passwork before 6.2.0 allows remote authenticated users to bypass 2FA by sending all one million of the possible 6-digit codes."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-26T13:54:53.543Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://passwork.ru/"
},
{
"url": "https://acribia.ru/articles/2fa_bypass_passwork"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-49949",
"datePublished": "2023-12-26T00:00:00.000Z",
"dateReserved": "2023-12-03T00:00:00.000Z",
"dateUpdated": "2024-08-02T22:09:49.616Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-42955 (GCVE-0-2022-42955)
Vulnerability from cvelistv5 – Published: 2022-11-07 00:00 – Updated: 2025-05-05 17:48
VLAI
Summary
The PassWork extension 5.0.9 for Chrome and other browsers allows an attacker to obtain cleartext cached credentials.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-312 - Cleartext Storage of Sensitive Information
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:19:05.465Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://chrome.google.com/webstore/detail/passwork-self-hosted/ibiipnmmlnehmeonnhbdajcfagcgihkl"
},
{
"tags": [
"x_transferred"
],
"url": "https://passwork.canny.io/changelog/version-5110"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-42955",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-05T17:47:07.305585Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-312",
"description": "CWE-312 Cleartext Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-05T17:48:04.680Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The PassWork extension 5.0.9 for Chrome and other browsers allows an attacker to obtain cleartext cached credentials."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-07T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://chrome.google.com/webstore/detail/passwork-self-hosted/ibiipnmmlnehmeonnhbdajcfagcgihkl"
},
{
"url": "https://passwork.canny.io/changelog/version-5110"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-42955",
"datePublished": "2022-11-07T00:00:00.000Z",
"dateReserved": "2022-10-15T00:00:00.000Z",
"dateUpdated": "2025-05-05T17:48:04.680Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-42956 (GCVE-0-2022-42956)
Vulnerability from cvelistv5 – Published: 2022-11-07 00:00 – Updated: 2025-05-05 17:50
VLAI
Summary
The PassWork extension 5.0.9 for Chrome and other browsers allows an attacker to obtain the cleartext master password.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-312 - Cleartext Storage of Sensitive Information
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:19:05.460Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://chrome.google.com/webstore/detail/passwork-self-hosted/ibiipnmmlnehmeonnhbdajcfagcgihkl"
},
{
"tags": [
"x_transferred"
],
"url": "https://passwork.canny.io/changelog/version-5110"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-42956",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-05T17:48:48.354328Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-312",
"description": "CWE-312 Cleartext Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-05T17:50:05.408Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The PassWork extension 5.0.9 for Chrome and other browsers allows an attacker to obtain the cleartext master password."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-07T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://chrome.google.com/webstore/detail/passwork-self-hosted/ibiipnmmlnehmeonnhbdajcfagcgihkl"
},
{
"url": "https://passwork.canny.io/changelog/version-5110"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-42956",
"datePublished": "2022-11-07T00:00:00.000Z",
"dateReserved": "2022-10-15T00:00:00.000Z",
"dateUpdated": "2025-05-05T17:50:05.408Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-25266 (GCVE-0-2022-25266)
Vulnerability from cvelistv5 – Published: 2022-03-23 22:06 – Updated: 2024-08-03 04:36
VLAI
Summary
Passwork On-Premise Edition before 4.6.13 allows migration/downloadExportFile Directory Traversal (to read files).
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://passwork.me | x_refsource_MISC |
| https://gist.github.com/garakh/e0e2fe6d6e234f0595… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:36:06.671Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://passwork.me"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gist.github.com/garakh/e0e2fe6d6e234f0595dea6a8141568f2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Passwork On-Premise Edition before 4.6.13 allows migration/downloadExportFile Directory Traversal (to read files)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-23T22:06:54.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://passwork.me"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gist.github.com/garakh/e0e2fe6d6e234f0595dea6a8141568f2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-25266",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Passwork On-Premise Edition before 4.6.13 allows migration/downloadExportFile Directory Traversal (to read files)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://passwork.me",
"refsource": "MISC",
"url": "https://passwork.me"
},
{
"name": "https://gist.github.com/garakh/e0e2fe6d6e234f0595dea6a8141568f2",
"refsource": "MISC",
"url": "https://gist.github.com/garakh/e0e2fe6d6e234f0595dea6a8141568f2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-25266",
"datePublished": "2022-03-23T22:06:54.000Z",
"dateReserved": "2022-02-16T00:00:00.000Z",
"dateUpdated": "2024-08-03T04:36:06.671Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-25269 (GCVE-0-2022-25269)
Vulnerability from cvelistv5 – Published: 2022-03-23 22:06 – Updated: 2024-08-03 04:36
VLAI
Summary
Passwork On-Premise Edition before 4.6.13 has multiple XSS issues.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://passwork.me | x_refsource_MISC |
| https://gist.github.com/garakh/e0e2fe6d6e234f0595… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:36:06.583Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://passwork.me"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gist.github.com/garakh/e0e2fe6d6e234f0595dea6a8141568f2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Passwork On-Premise Edition before 4.6.13 has multiple XSS issues."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-23T22:06:43.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://passwork.me"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gist.github.com/garakh/e0e2fe6d6e234f0595dea6a8141568f2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-25269",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Passwork On-Premise Edition before 4.6.13 has multiple XSS issues."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://passwork.me",
"refsource": "MISC",
"url": "https://passwork.me"
},
{
"name": "https://gist.github.com/garakh/e0e2fe6d6e234f0595dea6a8141568f2",
"refsource": "MISC",
"url": "https://gist.github.com/garakh/e0e2fe6d6e234f0595dea6a8141568f2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-25269",
"datePublished": "2022-03-23T22:06:43.000Z",
"dateReserved": "2022-02-16T00:00:00.000Z",
"dateUpdated": "2024-08-03T04:36:06.583Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-25268 (GCVE-0-2022-25268)
Vulnerability from cvelistv5 – Published: 2022-03-23 22:06 – Updated: 2024-08-03 04:36
VLAI
Summary
Passwork On-Premise Edition before 4.6.13 allows CSRF via the groups, password, and history subsystems.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://passwork.me | x_refsource_MISC |
| https://gist.github.com/garakh/e0e2fe6d6e234f0595… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:36:06.572Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://passwork.me"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gist.github.com/garakh/e0e2fe6d6e234f0595dea6a8141568f2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Passwork On-Premise Edition before 4.6.13 allows CSRF via the groups, password, and history subsystems."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-23T22:06:32.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://passwork.me"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gist.github.com/garakh/e0e2fe6d6e234f0595dea6a8141568f2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-25268",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Passwork On-Premise Edition before 4.6.13 allows CSRF via the groups, password, and history subsystems."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://passwork.me",
"refsource": "MISC",
"url": "https://passwork.me"
},
{
"name": "https://gist.github.com/garakh/e0e2fe6d6e234f0595dea6a8141568f2",
"refsource": "MISC",
"url": "https://gist.github.com/garakh/e0e2fe6d6e234f0595dea6a8141568f2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-25268",
"datePublished": "2022-03-23T22:06:32.000Z",
"dateReserved": "2022-02-16T00:00:00.000Z",
"dateUpdated": "2024-08-03T04:36:06.572Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-25267 (GCVE-0-2022-25267)
Vulnerability from cvelistv5 – Published: 2022-03-23 22:06 – Updated: 2024-08-03 04:36
VLAI
Summary
Passwork On-Premise Edition before 4.6.13 allows migration/uploadExportFile Directory Traversal (to upload files).
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://passwork.me | x_refsource_MISC |
| https://gist.github.com/garakh/e0e2fe6d6e234f0595… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:36:06.570Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://passwork.me"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gist.github.com/garakh/e0e2fe6d6e234f0595dea6a8141568f2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Passwork On-Premise Edition before 4.6.13 allows migration/uploadExportFile Directory Traversal (to upload files)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-23T22:06:24.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://passwork.me"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gist.github.com/garakh/e0e2fe6d6e234f0595dea6a8141568f2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-25267",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Passwork On-Premise Edition before 4.6.13 allows migration/uploadExportFile Directory Traversal (to upload files)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://passwork.me",
"refsource": "MISC",
"url": "https://passwork.me"
},
{
"name": "https://gist.github.com/garakh/e0e2fe6d6e234f0595dea6a8141568f2",
"refsource": "MISC",
"url": "https://gist.github.com/garakh/e0e2fe6d6e234f0595dea6a8141568f2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-25267",
"datePublished": "2022-03-23T22:06:24.000Z",
"dateReserved": "2022-02-16T00:00:00.000Z",
"dateUpdated": "2024-08-03T04:36:06.570Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-49949 (GCVE-0-2023-49949)
Vulnerability from nvd – Published: 2023-12-26 00:00 – Updated: 2024-08-02 22:09
VLAI
Summary
Passwork before 6.2.0 allows remote authenticated users to bypass 2FA by sending all one million of the possible 6-digit codes.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:09:49.616Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://passwork.ru/"
},
{
"tags": [
"x_transferred"
],
"url": "https://acribia.ru/articles/2fa_bypass_passwork"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Passwork before 6.2.0 allows remote authenticated users to bypass 2FA by sending all one million of the possible 6-digit codes."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-26T13:54:53.543Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://passwork.ru/"
},
{
"url": "https://acribia.ru/articles/2fa_bypass_passwork"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-49949",
"datePublished": "2023-12-26T00:00:00.000Z",
"dateReserved": "2023-12-03T00:00:00.000Z",
"dateUpdated": "2024-08-02T22:09:49.616Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-42955 (GCVE-0-2022-42955)
Vulnerability from nvd – Published: 2022-11-07 00:00 – Updated: 2025-05-05 17:48
VLAI
Summary
The PassWork extension 5.0.9 for Chrome and other browsers allows an attacker to obtain cleartext cached credentials.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-312 - Cleartext Storage of Sensitive Information
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:19:05.465Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://chrome.google.com/webstore/detail/passwork-self-hosted/ibiipnmmlnehmeonnhbdajcfagcgihkl"
},
{
"tags": [
"x_transferred"
],
"url": "https://passwork.canny.io/changelog/version-5110"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-42955",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-05T17:47:07.305585Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-312",
"description": "CWE-312 Cleartext Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-05T17:48:04.680Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The PassWork extension 5.0.9 for Chrome and other browsers allows an attacker to obtain cleartext cached credentials."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-07T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://chrome.google.com/webstore/detail/passwork-self-hosted/ibiipnmmlnehmeonnhbdajcfagcgihkl"
},
{
"url": "https://passwork.canny.io/changelog/version-5110"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-42955",
"datePublished": "2022-11-07T00:00:00.000Z",
"dateReserved": "2022-10-15T00:00:00.000Z",
"dateUpdated": "2025-05-05T17:48:04.680Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-42956 (GCVE-0-2022-42956)
Vulnerability from nvd – Published: 2022-11-07 00:00 – Updated: 2025-05-05 17:50
VLAI
Summary
The PassWork extension 5.0.9 for Chrome and other browsers allows an attacker to obtain the cleartext master password.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-312 - Cleartext Storage of Sensitive Information
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:19:05.460Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://chrome.google.com/webstore/detail/passwork-self-hosted/ibiipnmmlnehmeonnhbdajcfagcgihkl"
},
{
"tags": [
"x_transferred"
],
"url": "https://passwork.canny.io/changelog/version-5110"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-42956",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-05T17:48:48.354328Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-312",
"description": "CWE-312 Cleartext Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-05T17:50:05.408Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The PassWork extension 5.0.9 for Chrome and other browsers allows an attacker to obtain the cleartext master password."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-07T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://chrome.google.com/webstore/detail/passwork-self-hosted/ibiipnmmlnehmeonnhbdajcfagcgihkl"
},
{
"url": "https://passwork.canny.io/changelog/version-5110"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-42956",
"datePublished": "2022-11-07T00:00:00.000Z",
"dateReserved": "2022-10-15T00:00:00.000Z",
"dateUpdated": "2025-05-05T17:50:05.408Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-25266 (GCVE-0-2022-25266)
Vulnerability from nvd – Published: 2022-03-23 22:06 – Updated: 2024-08-03 04:36
VLAI
Summary
Passwork On-Premise Edition before 4.6.13 allows migration/downloadExportFile Directory Traversal (to read files).
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://passwork.me | x_refsource_MISC |
| https://gist.github.com/garakh/e0e2fe6d6e234f0595… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:36:06.671Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://passwork.me"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gist.github.com/garakh/e0e2fe6d6e234f0595dea6a8141568f2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Passwork On-Premise Edition before 4.6.13 allows migration/downloadExportFile Directory Traversal (to read files)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-23T22:06:54.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://passwork.me"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gist.github.com/garakh/e0e2fe6d6e234f0595dea6a8141568f2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-25266",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Passwork On-Premise Edition before 4.6.13 allows migration/downloadExportFile Directory Traversal (to read files)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://passwork.me",
"refsource": "MISC",
"url": "https://passwork.me"
},
{
"name": "https://gist.github.com/garakh/e0e2fe6d6e234f0595dea6a8141568f2",
"refsource": "MISC",
"url": "https://gist.github.com/garakh/e0e2fe6d6e234f0595dea6a8141568f2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-25266",
"datePublished": "2022-03-23T22:06:54.000Z",
"dateReserved": "2022-02-16T00:00:00.000Z",
"dateUpdated": "2024-08-03T04:36:06.671Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-25269 (GCVE-0-2022-25269)
Vulnerability from nvd – Published: 2022-03-23 22:06 – Updated: 2024-08-03 04:36
VLAI
Summary
Passwork On-Premise Edition before 4.6.13 has multiple XSS issues.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://passwork.me | x_refsource_MISC |
| https://gist.github.com/garakh/e0e2fe6d6e234f0595… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:36:06.583Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://passwork.me"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gist.github.com/garakh/e0e2fe6d6e234f0595dea6a8141568f2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Passwork On-Premise Edition before 4.6.13 has multiple XSS issues."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-23T22:06:43.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://passwork.me"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gist.github.com/garakh/e0e2fe6d6e234f0595dea6a8141568f2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-25269",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Passwork On-Premise Edition before 4.6.13 has multiple XSS issues."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://passwork.me",
"refsource": "MISC",
"url": "https://passwork.me"
},
{
"name": "https://gist.github.com/garakh/e0e2fe6d6e234f0595dea6a8141568f2",
"refsource": "MISC",
"url": "https://gist.github.com/garakh/e0e2fe6d6e234f0595dea6a8141568f2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-25269",
"datePublished": "2022-03-23T22:06:43.000Z",
"dateReserved": "2022-02-16T00:00:00.000Z",
"dateUpdated": "2024-08-03T04:36:06.583Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-25268 (GCVE-0-2022-25268)
Vulnerability from nvd – Published: 2022-03-23 22:06 – Updated: 2024-08-03 04:36
VLAI
Summary
Passwork On-Premise Edition before 4.6.13 allows CSRF via the groups, password, and history subsystems.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://passwork.me | x_refsource_MISC |
| https://gist.github.com/garakh/e0e2fe6d6e234f0595… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:36:06.572Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://passwork.me"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gist.github.com/garakh/e0e2fe6d6e234f0595dea6a8141568f2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Passwork On-Premise Edition before 4.6.13 allows CSRF via the groups, password, and history subsystems."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-23T22:06:32.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://passwork.me"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gist.github.com/garakh/e0e2fe6d6e234f0595dea6a8141568f2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-25268",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Passwork On-Premise Edition before 4.6.13 allows CSRF via the groups, password, and history subsystems."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://passwork.me",
"refsource": "MISC",
"url": "https://passwork.me"
},
{
"name": "https://gist.github.com/garakh/e0e2fe6d6e234f0595dea6a8141568f2",
"refsource": "MISC",
"url": "https://gist.github.com/garakh/e0e2fe6d6e234f0595dea6a8141568f2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-25268",
"datePublished": "2022-03-23T22:06:32.000Z",
"dateReserved": "2022-02-16T00:00:00.000Z",
"dateUpdated": "2024-08-03T04:36:06.572Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-25267 (GCVE-0-2022-25267)
Vulnerability from nvd – Published: 2022-03-23 22:06 – Updated: 2024-08-03 04:36
VLAI
Summary
Passwork On-Premise Edition before 4.6.13 allows migration/uploadExportFile Directory Traversal (to upload files).
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://passwork.me | x_refsource_MISC |
| https://gist.github.com/garakh/e0e2fe6d6e234f0595… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:36:06.570Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://passwork.me"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gist.github.com/garakh/e0e2fe6d6e234f0595dea6a8141568f2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Passwork On-Premise Edition before 4.6.13 allows migration/uploadExportFile Directory Traversal (to upload files)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-23T22:06:24.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://passwork.me"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gist.github.com/garakh/e0e2fe6d6e234f0595dea6a8141568f2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-25267",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Passwork On-Premise Edition before 4.6.13 allows migration/uploadExportFile Directory Traversal (to upload files)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://passwork.me",
"refsource": "MISC",
"url": "https://passwork.me"
},
{
"name": "https://gist.github.com/garakh/e0e2fe6d6e234f0595dea6a8141568f2",
"refsource": "MISC",
"url": "https://gist.github.com/garakh/e0e2fe6d6e234f0595dea6a8141568f2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-25267",
"datePublished": "2022-03-23T22:06:24.000Z",
"dateReserved": "2022-02-16T00:00:00.000Z",
"dateUpdated": "2024-08-03T04:36:06.570Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}