CVE-2022-23497

HIGH Year: 2022
CVSS v3 Score
7.5
High
Weakness Type
CWE-200
View all →

Vulnerability Description

FreshRSS is a free, self-hostable RSS aggregator. User configuration files can be accessed by a remote user. In addition to user preferences, such configurations contain hashed passwords (brypt with cost 9, salted) of FreshRSS Web interface. If the API is used, the configuration might contain a hashed password (brypt with cost 9, salted) of the GReader API, and a hashed password (MD5 salted) of the Fever API. Users should update to version 1.20.2 or edge. Users unable to upgrade can apply the patch manually or delete the file `./FreshRSS/p/ext.php`.

Related Vulnerabilities

CVE-2010-1432

HIGH
CVSS:7.5(High)

Joomla! Core is prone to an information disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may help in launching further attacks. Joomla! Core versions 1.5...

CWE-2002010

CVE-2010-2450

HIGH
CVSS:7.5(High)

The keygen.sh script in Shibboleth SP 2.0 (located in /usr/local/etc/shibboleth by default) uses OpenSSL to create a DES private key which is placed in sp-key.pm. It relies on the root umask (default ...

CWE-2002010

CVE-2011-2480

HIGH
CVSS:7.5(High)

Information Disclosure vulnerability in the 802.11 stack, as used in FreeBSD before 8.2 and NetBSD when using certain non-x86 architectures. A signedness error in the IEEE80211_IOC_CHANINFO ioctl allo...

CWE-2002011

CVE-2011-3269

HIGH
CVSS:7.5(High)

Lexmark X, W, T, E, C, 6500e, and 25xxN devices before 2011-11-15 allow attackers to obtain sensitive information via a hidden email address in a Scan To Email shortcut.

CWE-2002011

CVE-2011-3613

HIGH
CVSS:7.5(High)

An issue exists in Vanilla Forums before 2.0.17.9 due to the way cookies are handled.

CWE-2002011