Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

CVE-2022-36007

Disclosure Date: August 15, 2022 •

CVE-2022-36007 CVSS v3 Base Score: 3.3

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Venice is a Clojure inspired sandboxed Lisp dialect with excellent Java interoperability. A partial path traversal issue exists within the functions load-file and load-resource. These functions can be limited to load files from a list of load paths. Assuming Venice has been configured with the load paths: [ "/Users/foo/resources" ] When passing relative paths to these two vulnerable functions everything is fine: (load-resource "test.png") => loads the file “/Users/foo/resources/test.png” (load-resource "../resources-alt/test.png") => rejected, outside the load path When passing absolute paths to these two vulnerable functions Venice may return files outside the configured load paths: (load-resource "/Users/foo/resources/test.png") => loads the file “/Users/foo/resources/test.png” (load-resource "/Users/foo/resources-alt/test.png") => loads the file “/Users/foo/resources-alt/test.png” !!! The latter call suffers from the Partial Path Traversal vulnerability. This issue’s scope is limited to absolute paths whose name prefix matches a load path. E.g. for a load-path "/Users/foo/resources", the actor can cause loading a resource also from "/Users/foo/resources-alt", but not from "/Users/foo/images". Versions of Venice before and including v1.10.17 are affected by this issue. Upgrade to Venice >= 1.10.18, if you are on a version < 1.10.18. There are currently no known workarounds.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

3.3 Low

Impact Score:

1.4

Exploitability Score:

1.8

Vector:

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Attack Vector (AV):

Local

Attack Complexity (AC):

Low

Privileges Required (PR):

Low

User Interaction (UI):

None

Scope (S):

Unchanged

Confidentiality (C):

Low

Integrity (I):

None

Availability (A):

None

References

Canonical

CVE-2022-36007 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36007)

Advisory

https://github.com/jlangch/venice/security/advisories/GHSA-4mmh-5vw7-rgvj

Miscellaneous

https://github.com/jlangch/venice/commit/215ae91bb964013b0a2d70718a692832d561ae0a

https://github.com/jlangch/venice/commit/c942c73136333bc493050910f171a48e6f575b23

https://github.com/jlangch/venice/releases/tag/v1.10.17

Rapid7

Unknown

CVE-2022-36007

Unknown

Unknown

None

Low

Local

CVE-2022-36007

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

Weaknesses

References

Canonical

Advisory

Miscellaneous

Additional Info

Technical Analysis

Unknown

CVE-2022-36007

Unknown

Unknown

None

Low

Local

CVE-2022-36007

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

Weaknesses

References

Canonical

Advisory

Miscellaneous

Additional Info

Technical Analysis

Quick Cookie Notification