CVE-2023-22892

Published: Mar 8, 2023Modified: Mar 4, 2025

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

There exists an information disclosure vulnerability in SmartBear Zephyr Enterprise through 7.15.0 that could be exploited by unauthenticated users to read arbitrary files from Zephyr instances.

Affected (1)

Products: Smartbear: Zephyr Enterprise

Smartbear

1 product

Zephyr Enterprise

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Smartbear Zephyr Enterprise	Up to 7.15

Related CWEs

CWE-668

Exposure of Resource to Wrong Sphere

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

References (2)

https://smartbear.com/security/cve/

Source: cve@mitre.org

Vendor Advisory

https://smartbear.com/security/cve/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.