CVE-2022-25377

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-25377
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-25377.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-25377
Aliases
Published
2024-02-22T22:15:47Z
Modified
2024-10-08T00:39:47Z
Summary
[none]
Details

The ACME-challenge endpoint in Appwrite 0.5.0 through 0.12.x before 0.12.2 allows remote attackers to read arbitrary local files via ../ directory traversal. In order to be vulnerable, APPSTORAGECERTIFICATES/.well-known/acme-challenge must exist on disk. (This pathname is automatically created if the user chooses to install Let's Encrypt certificates via Appwrite.)

References

Affected packages

Git / github.com/appwrite/appwrite

Affected ranges

Type
GIT
Repo
https://github.com/appwrite/appwrite
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed