github - ghsa-gfrv-96fc-6fhx

GHSA-GFRV-96FC-6FHX

Vulnerability from github – Published: 2022-01-14 00:01 – Updated: 2023-10-12 21:30

Details

File and directory permissions have been corrected to prevent unintended users from modifying or accessing resources.

Severity ?

9.1 (Critical)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2022-22988"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-732"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-01-13T21:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "File and directory permissions have been corrected to prevent unintended users from modifying or accessing resources.",
  "id": "GHSA-gfrv-96fc-6fhx",
  "modified": "2023-10-12T21:30:56Z",
  "published": "2022-01-14T00:01:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22988"
    },
    {
      "type": "WEB",
      "url": "https://www.westerndigital.com/support/product-security/wdc-22003-edgerover-desktop-app-version-1-5-0-576"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

CVE-2022-22988 (GCVE-0-2022-22988)

Vulnerability from cvelistv5 – Published: 2022-01-13 20:27 – Updated: 2024-08-03 03:28

Summary

File and directory permissions have been corrected to prevent unintended users from modifying or accessing resources. It would be more difficult for an authenticated attacker to now traverse through the files and directories. This can only be exploited once an attacker has already found a way to get authenticated access to the device.

Severity ?

7.7 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE

CWE-275 - Permission Issues

Assigner

WDC PSIRT

References

URL

Tags

https://www.westerndigital.com/support/product-se…

x_refsource_MISC

Impacted products

Vendor

Product

Version

Western Digital

EdgeRover

Affected: EdgeRover Mac Desktop App , < 1.5.0-576 (custom)

Western Digital

EdgeRover

Affected: EdgeRover Windows Desktop App , < 1.5.0-576 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T03:28:42.755Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.westerndigital.com/support/product-security/wdc-22003-edgerover-desktop-app-version-1-5-0-576"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Mac"
          ],
          "product": "EdgeRover",
          "vendor": "Western Digital",
          "versions": [
            {
              "lessThan": "1.5.0-576",
              "status": "affected",
              "version": "EdgeRover Mac Desktop App",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "EdgeRover",
          "vendor": "Western Digital",
          "versions": [
            {
              "lessThan": "1.5.0-576",
              "status": "affected",
              "version": "EdgeRover Windows Desktop App",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eFile and directory permissions have been corrected to prevent unintended users from modifying or accessing resources. It would be more difficult for an authenticated attacker to now traverse through the files and directories. This can only be exploited once an attacker has already found a way to get authenticated access to the device.\u0026nbsp;\u003c/p\u003e"
            }
          ],
          "value": "File and directory permissions have been corrected to prevent unintended users from modifying or accessing resources. It would be more difficult for an authenticated attacker to now traverse through the files and directories. This can only be exploited once an attacker has already found a way to get authenticated access to the device.\u00a0\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-275",
              "description": "CWE-275 Permission Issues",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-12T20:25:41.972Z",
        "orgId": "cb3b742e-5145-4748-b44b-5ffd45bf3b6a",
        "shortName": "WDC PSIRT"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.westerndigital.com/support/product-security/wdc-22003-edgerover-desktop-app-version-1-5-0-576"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eUpdate your EdgeRover Application to version 1.5.0-576 on Windows and Mac systems. \u003c/p\u003e"
            }
          ],
          "value": "Update your EdgeRover Application to version 1.5.0-576 on Windows and Mac systems. \n\n"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "Insecure file and directory permissions on EdgeRover",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@wdc.com",
          "ID": "CVE-2022-22988",
          "STATE": "PUBLIC",
          "TITLE": "Insecure file and directory permissions on EdgeRover"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "EdgeRover",
                      "version": {
                        "version_data": [
                          {
                            "platform": "Mac",
                            "version_affected": "\u003c",
                            "version_name": "EdgeRover Mac Desktop App",
                            "version_value": "1.5.0-576"
                          },
                          {
                            "platform": "Windows",
                            "version_affected": "\u003c",
                            "version_name": "EdgeRover Windows Desktop App",
                            "version_value": "1.5.0-576"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Western Digital"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "File and directory permissions have been corrected to prevent unintended users from modifying or accessing resources."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 9,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-275 Permission Issues"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.westerndigital.com/support/product-security/wdc-22003-edgerover-desktop-app-version-1-5-0-576",
              "refsource": "MISC",
              "url": "https://www.westerndigital.com/support/product-security/wdc-22003-edgerover-desktop-app-version-1-5-0-576"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "Update your EdgeRover Application to version 1.5.0-576 on Windows and Mac systems. "
          }
        ],
        "source": {
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cb3b742e-5145-4748-b44b-5ffd45bf3b6a",
    "assignerShortName": "WDC PSIRT",
    "cveId": "CVE-2022-22988",
    "datePublished": "2022-01-13T20:27:27",
    "dateReserved": "2022-01-10T00:00:00",
    "dateUpdated": "2024-08-03T03:28:42.755Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

GHSA-GFRV-96FC-6FHX

CVE-2022-22988 (GCVE-0-2022-22988)

Tags

Sightings

Nomenclature