CVE-2022-3560

EPSS 0.03% · P10 Updated Mar 27, 2025

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2022-3560

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

A flaw was found in pesign. The pesign package provides a systemd service used to start the pesign daemon. This service unit runs a script to set ACLs for /etc/pki/pesign and /run/pesign directories to grant access privileges to users in the 'pesign' group. However, the script doesn't check for symbolic links. This could allow an attacker to gain access to privileged files and directories via a path traversal attack.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

对路径名的限制不恰当(路径遍历)

Source: NVD (National Vulnerability Database)

Vulnerability Title

pesign 路径遍历漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

pesign是PE-COFF 二进制文件的签名工具，希望至少模糊地符合PE和Authenticode 规范。 pesign 存在安全漏洞。攻击者利用该漏洞通过路径遍历攻击访问特权文件和目录。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	pesign	All versions up to pesign-115	-

II. Public POCs for CVE-2022-3560

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2022-3560

请登录查看更多情报信息。

Same Patch Batch · n/a · 2023-02-02 · 23 CVEs total

CVE-2023-25014	8.6 HIGH	TYPO3 访问控制错误漏洞
CVE-2023-25013	8.6 HIGH	TYPO3 访问控制错误漏洞
CVE-2022-46965	8.1 HIGH	PrestaShop SQL注入漏洞
CVE-2023-0651	6.3 MEDIUM	FastCMS Template Management unrestricted upload
CVE-2023-0649	6.3 MEDIUM	dst-admin sendBroadcast command injection
CVE-2023-0648	6.3 MEDIUM	dst-admin masterConsole command injection
CVE-2023-0647	6.3 MEDIUM	dst-admin kickPlayer command injection
CVE-2023-0646	6.3 MEDIUM	dst-admin cavesConsole command injection
CVE-2023-0650	3.5 LOW	YAFNET Signature cross site scripting
CVE-2023-23119		Ubiquiti airFiber 安全漏洞
CVE-2023-25015		Clockwork Web 跨站请求伪造漏洞
CVE-2023-23120		TRENDnet TV-IP651WI 安全漏洞
CVE-2020-24307		mRemoteNG 安全漏洞
CVE-2023-23110		NETGEAR D6100 安全漏洞
CVE-2022-48140		Desdev DedeCMS 跨站脚本漏洞
CVE-2022-48130		Tenda W20E 缓冲区错误漏洞
CVE-2022-48114		RuoYi SQL注入漏洞
CVE-2022-48113		TOTOLINK N200RE 信任管理问题漏洞
CVE-2022-48082		Easyone CRM SQL注入漏洞
CVE-2022-48079		aaPanel 安全漏洞

Showing top 20 of 23 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: pesign

CVE-2022-1249
RedHat pesign 代码问题漏洞

Same vendor: n/a

Same weakness: CWE-22

V. Comments for CVE-2022-3560

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2022-3560

I. Basic Information for CVE-2022-3560

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2022-3560

III. Intelligence Information for CVE-2022-3560

Same Patch Batch · n/a · 2023-02-02 · 23 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2022-3560

Leave a comment