How severe is CVE-2022-39347?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.7 out of 10.

What type of vulnerability is CVE-2022-39347?

This is classified as CWE-22, which is a common weakness in software security.

CVE-2022-39347 - MEDIUM Severity | CVSS 5.7

Vulnerability Description

FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing path canonicalization and base path check for `drive` channel. A malicious server can trick a FreeRDP based client to read files outside the shared directory. This issue has been addressed in version 2.9.0 and all users are advised to upgrade. Users unable to upgrade should not use the `/drive`, `/drives` or `+home-drive` redirection switch.

Related Vulnerabilities

CVE-2016-2205

MEDIUM

CVSS:5.7(Medium)

Directory traversal vulnerability in the file-download configuration file in the management console in Symantec Workspace Streaming (SWS) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 and Symantec...

CWE-222016

CVE-2016-5941

MEDIUM

CVSS:5.7(Medium)

IBM Kenexa LMS on Cloud could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing dot dot sequences (/../) to view arbitrar...

CWE-222016

CVE-2017-11348

MEDIUM

CVSS:5.7(Medium)

In Octopus Deploy 3.x before 3.15.4, an authenticated user with PackagePush permission to upload packages could upload a maliciously crafted NuGet package, potentially overwriting other packages or mo...

CWE-222017

CVE-2017-15532

MEDIUM

CVSS:5.7(Medium)

Prior to 10.6.4, Symantec Messaging Gateway may be susceptible to a path traversal attack (also known as directory traversal). These types of attacks aim to access files and directories that are store...

CWE-222017

CVE-2018-1000161

MEDIUM

CVSS:5.7(Medium)

nmap version 6.49BETA6 through 7.60, up to and including SVN revision 37147 contains a Directory Traversal vulnerability in NSE script http-fetch that can result in file overwrite as the user is runni...

CWE-222018

CVE-2019-3415

MEDIUM

CVSS:5.7(Medium)

ZTE MW NR8000V2.4.4.03 and NR8000V2.4.4.04 are impacted by path traversal vulnerability. Due to path traversal,users can download any files.

CWE-222019