CVE-2022-32320

CVSS V2 None CVSS V3 High 8.8
Description
A Cross-Site Request Forgery (CSRF) in Ferdi through 5.8.1 and Ferdium through 6.0.0-nightly.98 allows attackers to read files via an uploaded file such as a settings/preferences file.
Overview
  • CVE ID
  • CVE-2022-32320
  • Assigner
  • cve@mitre.org
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2022-07-17T17:15:08
  • Last Modified Date
  • 2022-07-25T19:04:08
Weakness Enumerations
CWE URL
CWE-352 http://cwe.mitre.org/data/definitions/352.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:ferdium:ferdium:6.0.0:-:*:*:*:*:*:* 1 OR
cpe:2.3:a:ferdium:ferdium:6.0.0:beta1:*:*:*:*:*:* 1 OR
cpe:2.3:a:ferdium:ferdium:6.0.0:beta2:*:*:*:*:*:* 1 OR
cpe:2.3:a:ferdium:ferdium:6.0.0:beta3:*:*:*:*:*:* 1 OR
cpe:2.3:a:ferdium:ferdium:6.0.0:nightly1:*:*:*:*:*:* 1 OR
cpe:2.3:a:ferdium:ferdium:6.0.0:nightly10:*:*:*:*:*:* 1 OR
cpe:2.3:a:ferdium:ferdium:6.0.0:nightly11:*:*:*:*:*:* 1 OR
cpe:2.3:a:ferdium:ferdium:6.0.0:nightly12:*:*:*:*:*:* 1 OR
cpe:2.3:a:ferdium:ferdium:6.0.0:nightly13:*:*:*:*:*:* 1 OR
cpe:2.3:a:ferdium:ferdium:6.0.0:nightly14:*:*:*:*:*:* 1 OR
cpe:2.3:a:ferdium:ferdium:6.0.0:nightly15:*:*:*:*:*:* 1 OR
cpe:2.3:a:ferdium:ferdium:6.0.0:nightly16:*:*:*:*:*:* 1 OR
cpe:2.3:a:ferdium:ferdium:6.0.0:nightly17:*:*:*:*:*:* 1 OR
cpe:2.3:a:ferdium:ferdium:6.0.0:nightly18:*:*:*:*:*:* 1 OR
cpe:2.3:a:ferdium:ferdium:6.0.0:nightly19:*:*:*:*:*:* 1 OR
cpe:2.3:a:ferdium:ferdium:6.0.0:nightly2:*:*:*:*:*:* 1 OR
cpe:2.3:a:ferdium:ferdium:6.0.0:nightly20:*:*:*:*:*:* 1 OR
cpe:2.3:a:ferdium:ferdium:6.0.0:nightly21:*:*:*:*:*:* 1 OR
cpe:2.3:a:ferdium:ferdium:6.0.0:nightly22:*:*:*:*:*:* 1 OR
cpe:2.3:a:ferdium:ferdium:6.0.0:nightly23:*:*:*:*:*:* 1 OR
cpe:2.3:a:ferdium:ferdium:6.0.0:nightly24:*:*:*:*:*:* 1 OR
cpe:2.3:a:ferdium:ferdium:6.0.0:nightly25:*:*:*:*:*:* 1 OR
cpe:2.3:a:ferdium:ferdium:6.0.0:nightly26:*:*:*:*:*:* 1 OR
cpe:2.3:a:ferdium:ferdium:6.0.0:nightly27:*:*:*:*:*:* 1 OR
cpe:2.3:a:ferdium:ferdium:6.0.0:nightly28:*:*:*:*:*:* 1 OR
cpe:2.3:a:ferdium:ferdium:6.0.0:nightly29:*:*:*:*:*:* 1 OR
cpe:2.3:a:ferdium:ferdium:6.0.0:nightly3:*:*:*:*:*:* 1 OR
cpe:2.3:a:ferdium:ferdium:6.0.0:nightly30:*:*:*:*:*:* 1 OR
cpe:2.3:a:ferdium:ferdium:6.0.0:nightly31:*:*:*:*:*:* 1 OR
cpe:2.3:a:ferdium:ferdium:6.0.0:nightly32:*:*:*:*:*:* 1 OR
cpe:2.3:a:ferdium:ferdium:6.0.0:nightly33:*:*:*:*:*:* 1 OR
cpe:2.3:a:ferdium:ferdium:6.0.0:nightly34:*:*:*:*:*:* 1 OR
cpe:2.3:a:ferdium:ferdium:6.0.0:nightly35:*:*:*:*:*:* 1 OR
cpe:2.3:a:ferdium:ferdium:6.0.0:nightly36:*:*:*:*:*:* 1 OR
cpe:2.3:a:ferdium:ferdium:6.0.0:nightly37:*:*:*:*:*:* 1 OR
cpe:2.3:a:ferdium:ferdium:6.0.0:nightly38:*:*:*:*:*:* 1 OR
cpe:2.3:a:ferdium:ferdium:6.0.0:nightly39:*:*:*:*:*:* 1 OR
cpe:2.3:a:ferdium:ferdium:6.0.0:nightly4:*:*:*:*:*:* 1 OR
cpe:2.3:a:ferdium:ferdium:6.0.0:nightly40:*:*:*:*:*:* 1 OR
cpe:2.3:a:ferdium:ferdium:6.0.0:nightly41:*:*:*:*:*:* 1 OR
cpe:2.3:a:ferdium:ferdium:6.0.0:nightly42:*:*:*:*:*:* 1 OR
cpe:2.3:a:ferdium:ferdium:6.0.0:nightly43:*:*:*:*:*:* 1 OR
cpe:2.3:a:ferdium:ferdium:6.0.0:nightly44:*:*:*:*:*:* 1 OR
cpe:2.3:a:ferdium:ferdium:6.0.0:nightly45:*:*:*:*:*:* 1 OR
cpe:2.3:a:ferdium:ferdium:6.0.0:nightly46:*:*:*:*:*:* 1 OR
cpe:2.3:a:ferdium:ferdium:6.0.0:nightly47:*:*:*:*:*:* 1 OR
cpe:2.3:a:ferdium:ferdium:6.0.0:nightly48:*:*:*:*:*:* 1 OR
cpe:2.3:a:ferdium:ferdium:6.0.0:nightly49:*:*:*:*:*:* 1 OR
cpe:2.3:a:ferdium:ferdium:6.0.0:nightly5:*:*:*:*:*:* 1 OR
cpe:2.3:a:ferdium:ferdium:6.0.0:nightly50:*:*:*:*:*:* 1 OR
cpe:2.3:a:ferdium:ferdium:6.0.0:nightly51:*:*:*:*:*:* 1 OR
cpe:2.3:a:ferdium:ferdium:6.0.0:nightly52:*:*:*:*:*:* 1 OR
cpe:2.3:a:ferdium:ferdium:6.0.0:nightly53:*:*:*:*:*:* 1 OR
cpe:2.3:a:ferdium:ferdium:6.0.0:nightly54:*:*:*:*:*:* 1 OR
cpe:2.3:a:ferdium:ferdium:6.0.0:nightly55:*:*:*:*:*:* 1 OR
cpe:2.3:a:ferdium:ferdium:6.0.0:nightly56:*:*:*:*:*:* 1 OR
cpe:2.3:a:ferdium:ferdium:6.0.0:nightly57:*:*:*:*:*:* 1 OR
cpe:2.3:a:ferdium:ferdium:6.0.0:nightly58:*:*:*:*:*:* 1 OR
cpe:2.3:a:ferdium:ferdium:6.0.0:nightly59:*:*:*:*:*:* 1 OR
cpe:2.3:a:ferdium:ferdium:6.0.0:nightly6:*:*:*:*:*:* 1 OR
cpe:2.3:a:ferdium:ferdium:6.0.0:nightly60:*:*:*:*:*:* 1 OR
cpe:2.3:a:ferdium:ferdium:6.0.0:nightly61:*:*:*:*:*:* 1 OR
cpe:2.3:a:ferdium:ferdium:6.0.0:nightly62:*:*:*:*:*:* 1 OR
cpe:2.3:a:ferdium:ferdium:6.0.0:nightly63:*:*:*:*:*:* 1 OR
cpe:2.3:a:ferdium:ferdium:6.0.0:nightly65:*:*:*:*:*:* 1 OR
cpe:2.3:a:ferdium:ferdium:6.0.0:nightly66:*:*:*:*:*:* 1 OR
cpe:2.3:a:ferdium:ferdium:6.0.0:nightly67:*:*:*:*:*:* 1 OR
cpe:2.3:a:ferdium:ferdium:6.0.0:nightly69:*:*:*:*:*:* 1 OR
cpe:2.3:a:ferdium:ferdium:6.0.0:nightly7:*:*:*:*:*:* 1 OR
cpe:2.3:a:ferdium:ferdium:6.0.0:nightly70:*:*:*:*:*:* 1 OR
cpe:2.3:a:ferdium:ferdium:6.0.0:nightly71:*:*:*:*:*:* 1 OR
cpe:2.3:a:ferdium:ferdium:6.0.0:nightly72:*:*:*:*:*:* 1 OR
cpe:2.3:a:ferdium:ferdium:6.0.0:nightly73:*:*:*:*:*:* 1 OR
cpe:2.3:a:ferdium:ferdium:6.0.0:nightly74:*:*:*:*:*:* 1 OR
cpe:2.3:a:ferdium:ferdium:6.0.0:nightly76:*:*:*:*:*:* 1 OR
cpe:2.3:a:ferdium:ferdium:6.0.0:nightly77:*:*:*:*:*:* 1 OR
cpe:2.3:a:ferdium:ferdium:6.0.0:nightly78:*:*:*:*:*:* 1 OR
cpe:2.3:a:ferdium:ferdium:6.0.0:nightly79:*:*:*:*:*:* 1 OR
cpe:2.3:a:ferdium:ferdium:6.0.0:nightly8:*:*:*:*:*:* 1 OR
cpe:2.3:a:ferdium:ferdium:6.0.0:nightly80:*:*:*:*:*:* 1 OR
cpe:2.3:a:ferdium:ferdium:6.0.0:nightly81:*:*:*:*:*:* 1 OR
cpe:2.3:a:ferdium:ferdium:6.0.0:nightly82:*:*:*:*:*:* 1 OR
cpe:2.3:a:ferdium:ferdium:6.0.0:nightly83:*:*:*:*:*:* 1 OR
cpe:2.3:a:ferdium:ferdium:6.0.0:nightly84:*:*:*:*:*:* 1 OR
cpe:2.3:a:ferdium:ferdium:6.0.0:nightly85:*:*:*:*:*:* 1 OR
cpe:2.3:a:ferdium:ferdium:6.0.0:nightly86:*:*:*:*:*:* 1 OR
cpe:2.3:a:ferdium:ferdium:6.0.0:nightly87:*:*:*:*:*:* 1 OR
cpe:2.3:a:ferdium:ferdium:6.0.0:nightly88:*:*:*:*:*:* 1 OR
cpe:2.3:a:ferdium:ferdium:6.0.0:nightly89:*:*:*:*:*:* 1 OR
cpe:2.3:a:ferdium:ferdium:6.0.0:nightly9:*:*:*:*:*:* 1 OR
cpe:2.3:a:ferdium:ferdium:6.0.0:nightly90:*:*:*:*:*:* 1 OR
cpe:2.3:a:ferdium:ferdium:6.0.0:nightly91:*:*:*:*:*:* 1 OR
cpe:2.3:a:ferdium:ferdium:6.0.0:nightly92:*:*:*:*:*:* 1 OR
cpe:2.3:a:ferdium:ferdium:6.0.0:nightly93:*:*:*:*:*:* 1 OR
cpe:2.3:a:ferdium:ferdium:6.0.0:nightly94:*:*:*:*:*:* 1 OR
cpe:2.3:a:ferdium:ferdium:6.0.0:nightly95:*:*:*:*:*:* 1 OR
cpe:2.3:a:ferdium:ferdium:6.0.0:nightly96:*:*:*:*:*:* 1 OR
cpe:2.3:a:ferdium:ferdium:6.0.0:nightly97:*:*:*:*:*:* 1 OR
cpe:2.3:a:ferdium:ferdium:6.0.0:nightly98:*:*:*:*:*:* 1 OR
cpe:2.3:a:getferdi:ferdi:*:*:*:*:*:*:*:* 1 OR 5.8.1
CVSS Version 3
  • Version
  • 3.1
  • Vector String
  • CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  • Attack Vector
  • NETWORK
  • Attack Compatibility
  • LOW
  • Privileges Required
  • NONE
  • User Interaction
  • REQUIRED
  • Scope
  • UNCHANGED
  • Confidentiality Impact
  • HIGH
  • Availability Impact
  • HIGH
  • Base Score
  • 8.8
  • Base Severity
  • HIGH
  • Exploitability Score
  • 2.8
  • Impact Score
  • 5.9
References
Reference URL Reference Tags
https://gist.github.com/omriinbar-cyesec/c1179fe99725d2b828b6573c0d110c9c
https://getferdi.com/
https://github.com/getferdi/ferdi
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2022-32320
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32320
History
Created Old Value New Value Data Type Notes
2022-07-17 18:00:07 Added to TrackCVE