Vulnerability Details CVE-2022-45921
FusionAuth before 1.41.3 allows a file outside of the application root to be viewed or retrieved using an HTTP request. To be specific, an attacker may be able to view or retrieve any file readable by the user running the FusionAuth process.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 40.7%
CVSS Severity
CVSS v3 Score 7.5
References
Products affected by CVE-2022-45921
-
cpe:2.3:a:fusionauth:fusionauth:1.37.0
-
cpe:2.3:a:fusionauth:fusionauth:1.37.1
-
cpe:2.3:a:fusionauth:fusionauth:1.37.2
-
cpe:2.3:a:fusionauth:fusionauth:1.38.0
-
cpe:2.3:a:fusionauth:fusionauth:1.38.1
-
cpe:2.3:a:fusionauth:fusionauth:1.39.0
-
cpe:2.3:a:fusionauth:fusionauth:1.40.0
-
cpe:2.3:a:fusionauth:fusionauth:1.40.1
-
cpe:2.3:a:fusionauth:fusionauth:1.40.2
-
cpe:2.3:a:fusionauth:fusionauth:1.41.0
-
cpe:2.3:a:fusionauth:fusionauth:1.41.1
-
cpe:2.3:a:fusionauth:fusionauth:1.41.2