CVE-2022-25010

Published: Mar 1, 2022Modified: Nov 21, 2024

9.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Exploitability: 3.9 / Impact: 5.2

Source: NVD

Description

The component /rootfs in RageFile of Stepmania v5.1b2 and below allows attackers access to the entire file system.

Affected (6)

Products: Stepmania: Stepmania

1 product

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Stepmania Stepmania	Up to 5.0.12
Stepmania Stepmania	Version 5.1.0 alpha2
Stepmania Stepmania	Version 5.1.0 alpha3
Stepmania Stepmania	Version 5.1.0 alpha
Stepmania Stepmania	Version 5.1.0 beta1
Stepmania Stepmania	Version 5.1.0 beta2

Related CWEs

Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

References (2)

https://github.com/stepmania/stepmania/pull/2184

Source: cve@mitre.org

PatchThird Party Advisory

https://github.com/stepmania/stepmania/pull/2184

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

Timeline

No history available yet.