CVE-2022-0074

Published: Oct 27, 2022Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Untrusted Search Path vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server Container allows Privilege Escalation. This affects versions from 1.6.15 before 1.7.16.1.

Affected (1)

Products: Litespeedtech: Openlitespeed

Litespeedtech

1 product

Openlitespeed

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Litespeedtech Openlitespeed	From 1.6.15 to 1.7.16.1

Related CWEs

CWE-426

Untrusted Search Path

The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.

References (2)

https://github.com/litespeedtech/ols-dockerfiles/blob/master/template/Dockerfile#L29

Source: psirt@paloaltonetworks.com

ExploitThird Party Advisory

https://github.com/litespeedtech/ols-dockerfiles/blob/master/template/Dockerfile#L29

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.