CVE-2022-32320
high-risk
Published 2022-07-17
A Cross-Site Request Forgery (CSRF) in Ferdi through 5.8.1 and Ferdium through 6.0.0-nightly.98 allows attackers to read files via an uploaded file such as a settings/preferences file.
Do I need to act?
0.27% chance of exploitation
EPSS score — low exploit probability
Not on CISA KEV list
No confirmed active exploitation reported to CISA
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 8.8/10
High
NETWORK / LOW complexity
Affected Products (20)
Ferdium
Ferdium
References (6)
Product
https://getferdi.com/
Third Party Advisory
https://gist.github.com/omriinbar-cyesec/c1179fe99725d2b828b6573c0d110c9c
Third Party Advisory
https://github.com/getferdi/ferdi
61 / 100 high-risk
Severity: 30/34 · Critical
Exploitability: 1/34 · Minimal
Exposure: 30/34 · Critical