Vulnerability Details CVE-2022-29620
FileZilla v3.59.0 allows attackers to obtain cleartext passwords of connected SSH or FTP servers via a memory dump.- NOTE: the vendor does not consider this a vulnerability
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 45.9%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.3
References
- https://whichbuffer.medium.com/filezilla-client-cleartext-storage-of-sensitive-information-in-memory-vulnerability-83958c1e1643
- https://youtu.be/ErZl1i7McHk
- https://youtu.be/eSlfQQytIq0
- https://whichbuffer.medium.com/filezilla-client-cleartext-storage-of-sensitive-information-in-memory-vulnerability-83958c1e1643
- https://youtu.be/ErZl1i7McHk
- https://youtu.be/eSlfQQytIq0
Products affected by CVE-2022-29620
-
cpe:2.3:a:filezilla-project:filezilla_client:3.59.0