Arbitrary file access in KodExplorer
CVE-2022-46154

8.6HIGH

Key Information:

Vendor: Kalcaddle
Status: Kodexplorer
Vendor: CVE Published:; 6 December 2022

What is CVE-2022-46154?

Kodexplorer is a chinese language web based file manager and browser based code editor. Versions prior to 4.50 did not prevent unauthenticated users from requesting arbitrary files from the host OS file system. As a result any files available to the host process may be accessed by arbitrary users. This issue has been addressed in version 4.50. Users are advised to upgrade. There are no known workarounds for this issue.

Affected Version(s)

KodExplorer < 4.50

References

https://github.com/kalcaddle/KodExplorer/security/advisor...

x_refsource_CONFIRM

https://github.com/kalcaddle/KodExplorer/commit/1f7072c0e...

x_refsource_MISC

CVSS V3.1

Score:

8.6

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Dec 6, 2022
Vulnerability Reserved
Nov 28, 2022

JSON

Kalcaddle

What is CVE-2022-46154?

Affected Version(s)

References

CVSS V3.1

Timeline