Arbitrary File Upload Vulnerability in Keystone by KeystoneJS
CVE-2022-29354

9.8CRITICAL

Key Information:

Vendor: Keystonejs
Status: Keystone
Vendor: CVE Published:; 16 May 2022

What is CVE-2022-29354?

Keystone v4.2.1 contains an arbitrary file upload vulnerability in its file upload module, enabling attackers to upload crafted files that can execute arbitrary code on the server. This flaw poses significant security risks, potentially allowing unauthorized access and control over affected systems. It is crucial for users to implement appropriate security measures and updates to mitigate this vulnerability.

References

https://www.youtube.com/watch?v=DOM20FKpQQw

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 16, 2022
Vulnerability Reserved
Apr 16, 2022

CVE-2022-29354 Data

JSON

Keystonejs

What is CVE-2022-29354?

References

CVSS V3.1

Timeline