Path Traversal Vulnerability in NVIDIA NeMo ASR WebApp
CVE-2022-22821

2LOW

Key Information:

Vendor: Nvidia
Status: Nemo
Vendor: CVE Published:; 10 January 2022

Summary

A vulnerability has been identified in NVIDIA NeMo's ASR WebApp prior to version 1.6.0, where improper validation of user input allows for a path traversal attack. This can enable an attacker with administrative privileges to access and potentially delete arbitrary directories within the system. Ensuring that the product is updated to version 1.6.0 or later is crucial for maintaining the security and integrity of your environment. For more details, refer to the advisory on GitHub.

References

https://github.com/NVIDIA/NeMo/security/advisories/GHSA-r...

x_refsource_MISC

CVSS V3.1

Score:

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jan 10, 2022
Vulnerability Reserved
Jan 8, 2022