{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2022-0072","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","state":"PUBLISHED","assignerShortName":"palo_alto","requesterUserId":"4bdfcd35-6352-4419-9b3e-118da80d0642","dateReserved":"2021-12-28T23:57:03.295Z","datePublished":"2022-10-27T19:28:49.031Z","dateUpdated":"2025-05-09T19:18:17.065Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"OpenLiteSpeed Web Server","repo":"https://github.com/litespeedtech/openlitespeed","vendor":"LiteSpeed Technologies","versions":[{"lessThanOrEqual":"1.5.12","status":"affected","version":"1.5.11","versionType":"custom"},{"lessThanOrEqual":"1.6.20.1","status":"affected","version":"1.6.5","versionType":"custom"},{"lessThan":"1.7.16.1","status":"affected","version":"1.7.0","versionType":"custom"}]},{"defaultStatus":"unaffected","product":"LiteSpeed Web Server","vendor":"LiteSpeed Technologies","versions":[{"lessThanOrEqual":"1.5.12","status":"affected","version":"1.5.11","versionType":"custom"},{"lessThanOrEqual":"1.6.20.1","status":"affected","version":"1.6.5","versionType":"custom"},{"lessThan":"1.7.16.1","status":"affected","version":"1.7.0","versionType":"custom"}]}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Directory Traversal vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server dashboards allows Path Traversal. This affects versions from 1.5.11 through 1.5.12, from 1.6.5 through 1.6.20.1, from 1.7.0 before 1.7.16.1"}],"value":"Directory Traversal vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server dashboards allows Path Traversal. This affects versions from 1.5.11 through 1.5.12, from 1.6.5 through 1.6.20.1, from 1.7.0 before 1.7.16.1"}],"impacts":[{"capecId":"CAPEC-126","descriptions":[{"lang":"en","value":"CAPEC-126 Path Traversal"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":5.8,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"CHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-22","description":"CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto","dateUpdated":"2022-11-04T20:49:55.443Z"},"references":[{"url":"https://github.com/litespeedtech/openlitespeed/blob/v1.7.16/src/main/httpserver.cpp#L2060-L2061"},{"url":"https://github.com/litespeedtech/openlitespeed/blob/v1.7.16.1/src/main/httpserver.cpp#L2060-L2061"}],"source":{"discovery":"EXTERNAL"},"title":"Directory Traversal in OpenLiteSpeed Web Server","x_generator":{"engine":"Vulnogram 0.1.0-dev"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T23:18:41.599Z"},"title":"CVE Program Container","references":[{"url":"https://github.com/litespeedtech/openlitespeed/blob/v1.7.16/src/main/httpserver.cpp#L2060-L2061","tags":["x_transferred"]},{"url":"https://github.com/litespeedtech/openlitespeed/blob/v1.7.16.1/src/main/httpserver.cpp#L2060-L2061","tags":["x_transferred"]}]},{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-05-09T19:18:00.655604Z","id":"CVE-2022-0072","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-05-09T19:18:17.065Z"}}]}}