CVE-2022-23409 – ether/logs

Package

Manager: composer
Name: ether/logs
Vulnerable Version: >=0 <3.0.4

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.05057 pctl0.89368

Details

Path Traversal in the Logs plugin for Craft CMS The Logs plugin before 3.0.4 for Craft CMS allows remote attackers to read arbitrary files via input to actionStream in Controller.php.

Metadata

Created: 2022-02-01T00:01:00Z
Modified: 2022-02-08T16:08:49Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/02/GHSA-9chx-2vqw-8vq5/GHSA-9chx-2vqw-8vq5.json
CWE IDs: ["CWE-22"]
Alternative ID: GHSA-9chx-2vqw-8vq5
Finding: F063
Auto approve: 1