Description of CVE-2022-25266, CVE-2022-25267, CVE-2022-25268, CVE-2022-25269
CVE-2022-25266
Passwork On-Premise Edition before 4.6.13 allows migration/downloadExportFile Directory Traversal (to read files).
After authenticating with the Owner account, a user can read files located outside the web directory on the server.
Discoverer: Positive Technologies, Arian Rakhimi
CVE-2022-25267
Passwork On-Premise Edition before 4.6.13 allows migration/uploadExportFile Directory Traversal (to upload files).
After logging in with the Owner account, an intruder can upload arbitrary files by sending specially crafted HTTP requests.
Discoverer: Positive Technologies, Arian Rakhimi
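The two traversal issues above (CVE-2022-25266 for reads, CVE-2022-25267 for uploads) share one class of fix: resolve the client-supplied name and refuse anything that lands outside the export directory. The following is an added example, not Passwork's code; the function names, the `exports` directory and the sample file names are hypothetical and constructed for illustration.

```python
import os
import tempfile

class UnsafePath(ValueError):
    """Raised when a requested name would escape the export directory."""

def resolve_export_path(export_dir, requested):
    """Map a client-supplied file name to a path inside export_dir, or raise."""
    if not requested or "\x00" in requested:
        raise UnsafePath("empty name or NUL byte")
    base = os.path.realpath(export_dir)
    # realpath collapses ".." and follows symlinks, so the containment check
    # is made on the location the OS would actually open.
    candidate = os.path.realpath(os.path.join(base, requested))
    if candidate == base or os.path.commonpath([base, candidate]) != base:
        raise UnsafePath(f"{requested!r} resolves outside {base}")
    return candidate

def read_export(export_dir, requested):
    """Download path: read only after the name has been validated."""
    with open(resolve_export_path(export_dir, requested), "rb") as fh:
        return fh.read()

def write_export(export_dir, requested, data):
    """Upload path: the same validation applies before any write."""
    path = resolve_export_path(export_dir, requested)
    with open(path, "wb") as fh:
        fh.write(data)
    return path

def check_samples():
    """Run constructed names through the resolver; True means accepted."""
    names = ("backup.json", "../secret.txt", "/etc/passwd",
             "a/../../secret.txt", "link.json", "")
    results = {}
    with tempfile.TemporaryDirectory() as root:
        export_dir = os.path.join(root, "exports")
        os.mkdir(export_dir)
        secret = os.path.join(root, "secret.txt")  # constructed file outside exports
        with open(secret, "w") as fh:
            fh.write("outside the export directory")
        os.symlink(secret, os.path.join(export_dir, "link.json"))
        write_export(export_dir, "backup.json", b"{}")
        results["roundtrip"] = read_export(export_dir, "backup.json") == b"{}"
        for name in names:
            try:
                resolve_export_path(export_dir, name)
                results[name] = True
            except UnsafePath:
                results[name] = False
    return results
```
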
CVE-2022-25268
Passwork On-Premise Edition before 4.6.13 allows CSRF via the groups, password, and history subsystems.
The CSRF token value does not change during the session and can be obtained by an attacker by exploiting the cross-site scripting vulnerability.
Discoverer: Positive Technologies, Arian Rakhimi
CVE-2022-25269
Passwork On-Premise Edition before 4.6.13 has multiple XSS issues.
An attacker can inject arbitrary HTML tags, including JavaScript, into a page processed by a user's browser.
Discoverer: Positive Technologies, Roman Poneev