CVE-2022-43451

Published: Nov 3, 2022Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N

Exploitability: 2.0 / Impact: 4.0

Source: NVD

Description

OpenHarmony-v3.1.2 and prior versions had an Multiple path traversal vulnerability in appspawn and nwebspawn services. Local attackers can create arbitrary directories or escape application sandbox.If chained with other vulnerabilities it would allow an unprivileged process to gain full root privileges.

Affected (1)

Products: Openharmony: Openharmony

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Openharmony Openharmony	From 3.1 to 3.1.2

Related CWEs

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (2)

https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2022/2022-11.md

Source: scy@openharmony.io

Third Party Advisory

https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2022/2022-11.md

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.