|
[Japanese]
|
JVNDB-2022-002339
|
Multiple vulnerabilities in PukiWiki
|
|
PukiWiki provided by PukiWiki Development Team contains multiple vulnerabilities listed below.
* Path Traversal (CWE-22) - CVE-2022-34486
* Reflected Cross-site Scripting (CWE-79) - CVE-2022-27637
Harold Kim reported these vulnerabilities to the developer and coordinated. After coordination was completed, this case was reported to JPCERT/CC and JPCERT/CC coordinated with the developer for the publication.
|
|
CVSS V3 Severity:
Base Metrics 7.7 (High) [Other]
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: High
- User Interaction: None
- Scope: Changed
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: None
The above CVSS base scores have been assigned for CVE-2022-34486
|
CVSS V3 Severity:
"Base Metrics:6.1 (Medium) [Other]"
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact:
The above CVSS base scores have been assigned for CVE-2022-27637
|
|
|
PukiWiki Developers Team.
- PukiWiki versions 1.4.5 to 1.5.3 - CVE-2022-34486
- PukiWiki versions 1.5.1 to 1.5.3 - CVE-2022-27637
|
|
|
* An administrator of the product may execute a malicious script - CVE-2022-34486
* An arbitrary script may be executed on the web browser of the user who is using the product - CVE-2022-27637
|
|
[Update the Software]
Update the Software to the latest version according to the information provided by the developer.
According to the developer, these vulnerabilities have been fixed in version 1.5.4.
|
|
PukiWiki Developers Team.
|
|
- Path Traversal(CWE-22) [Other]
- Cross-site Scripting(CWE-79) [Other]
|
|
- CVE-2022-34486
- CVE-2022-27637
|
|
- JVN : JVNVU#96002401
|
|
- [2022/08/24]
Web page was published
|
