CVE-2022-2653

medium

Description

With this vulnerability an attacker can read many sensitive files like configuration files, or the /proc/self/environ file, that contains the environment variable used by the web server that includes database credentials. If the web server user is root, an attacker will be able to read any file in the system.

References

https://huntr.dev/bounties/5dff7cf9-8bb2-4f67-a02d-b94db5009d70

https://github.com/plankanban/planka/commit/ac1df5201dfdaf68d37f7e1b272bc137870d7418

Details

Source: Mitre, NVD

Published: 2022-08-04

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 6.5

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Severity: Medium

EPSS

EPSS: 0.00088