Vulnerability Details CVE-2022-44216
Gnuboard 5.5.4 and 5.5.5 is vulnerable to Insecure Permissions. An attacker can change password of all users without knowing victim's original password.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 31.5%
CVSS Severity
CVSS v3 Score 7.5
References
- https://github.com/gnuboard/gnuboard5/commit/11718eb4c02ffdca5393bedc0300a75e4e7b19f2
- https://gratis-herring-da5.notion.site/Gnuboard-Account-Takeover-version-5-5-4-5-5-5-2f69b0a21be642f58d8b7c72feea343a
- https://sir.kr/g5_pds/6400
- https://github.com/gnuboard/gnuboard5/commit/11718eb4c02ffdca5393bedc0300a75e4e7b19f2
- https://gratis-herring-da5.notion.site/Gnuboard-Account-Takeover-version-5-5-4-5-5-5-2f69b0a21be642f58d8b7c72feea343a
- https://sir.kr/g5_pds/6400