Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2022-4773— cloudsync LocalFilesystemConnector.java getItem path traversal

CVSS 2.5 · Low EPSS 0.14% · P34
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2022-4773

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
cloudsync LocalFilesystemConnector.java getItem path traversal
Source: NVD (National Vulnerability Database)
Vulnerability Description
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic was found in cloudsync. Affected by this vulnerability is the function getItem of the file src/main/java/cloudsync/connector/LocalFilesystemConnector.java. The manipulation leads to path traversal. It is possible to launch the attack on the local host. The name of the patch is 3ad796833398af257c28e0ebeade68518e0e612a. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216919. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Source: NVD (National Vulnerability Database)
Vulnerability Title
cloudsync 路径遍历漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
cloudsync是Holger Hees个人开发者的一个私人数据的完整备份解决方案。在 linux、windows 和 osx 上增量同步本地文件系统,并使用谷歌驱动器 simliar 加密到 rsync。 cloudsync存在路径遍历漏洞,该漏洞源于文件src/main/java/cloudsync/connector/LocalFilesystemConnector.java的函数getItem存在问题,会导致路径遍历。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-cloudsync n/a -

II. Public POCs for CVE-2022-4773

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2022-4773

Please Login to view more intelligence information

Same Patch Batch · n/a · 2022-12-27 · 26 CVEs total

CVE-2021-42905.5 MEDIUMDHBW Fallstudie Login passport.js sql injection
CVE-2022-47485.5 MEDIUMFlatPress File Delete panel.mediamanager.file.php doItemActions path traversal
CVE-2022-47724.5 MEDIUMWidoco WidocoUtils.java unZipIt path traversal
CVE-2022-47664.3 MEDIUMdolibarr_project_timesheet Form cross-site request forgery
CVE-2020-366334.3 MEDIUMmoodle-block_sitenews block_sitenews.php get_content cross-site request forgery
CVE-2019-250913.7 LOWnsupdate.info CSRF Cookie base.py cookie httponly flag
CVE-2015-100053.5 LOWmarkdown-it html_re.js redos
CVE-2022-47553.5 LOWFlatPress Media Manager Plugin panel.mediamanager.file.php main cross site scripting
CVE-2018-250493.0 LOWemail-existence index.js redos
CVE-2022-47968Heimdal 跨站脚本漏洞
CVE-2022-46442DedeCMS SQL注入漏洞
CVE-2022-45963H3C Firewall 安全漏洞
CVE-2022-45778Hillstone Networks Firewall 安全漏洞
CVE-2022-45434Dahua software products 授权问题漏洞
CVE-2022-45433Dahua software products 授权问题漏洞
CVE-2022-45432Dahua software products 授权问题漏洞
CVE-2022-45431Dahua software products 授权问题漏洞
CVE-2022-45430Dahua software products 授权问题漏洞
CVE-2022-45429Dahua software products 代码问题漏洞
CVE-2022-45428Dahua software products 安全漏洞

Showing top 20 of 26 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same vendor: n/a
Same weakness: CWE-22

V. Comments for CVE-2022-4773

No comments yet

Leave a comment