CVE-2022-45921

  • CVSS V2: None
  • CVSS V3: None
Description
FusionAuth before 1.41.3 allows a file outside of the application root to be viewed or retrieved using an HTTP request. To be specific, an attacker may be able to view or retrieve any file readable by the user running the FusionAuth process.
Overview
  • CVE ID: CVE-2022-45921
  • Assigner: cve@mitre.org
  • Vulnerability Status: Analyzed
  • Published Version: 2022-11-28T21:15:10.747
  • Last Modified Date: 2022-12-01T23:07:57.327
CPE Configuration (Product)
  • CPE: cpe:2.3:a:fusionauth:fusionauth:*:*:*:*:*:*:*:*
  • Vulnerable: 1
  • Operator: OR
  • Version Start: 1.37.0
  • Version End: 1.41.3
References
  • https://fusionauth.io/docs/v1/tech/release-notes (Tags: Release Notes, Vendor Advisory)
  • https://github.com/FusionAuth/fusionauth-issues/issues/1983 (Tags: Issue Tracking, Third Party Advisory)
History
  • Created: 2022-12-07 18:05:21
  • Notes: Added to TrackCVE