Exploit
CVE-2022-1554

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)

Published: May 3, 2022 / Updated: 31mo ago

CVSS 7.5 / EPSS 0.12% / High

Scout is a Variant Call Format (VCF) visualization interface. The PyPI package scout-browser is vulnerable to path traversal due to a `send_file` call in versions prior to 4.52.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Timeline

First Article

Feedly found the first article mentioning CVE-2022-1554.

May 3, 2022 at 8:34 AM / cve.report
EPSS

EPSS Score was set to: 0.12% (Percentile: 46.2%)

Sep 30, 2023 at 2:34 PM

Affected Systems

Clinical-genomics/scout

Exploits

https://huntr.dev/bounties/7acac778-5ba4-4f02-99e2-e4e17a81e600

Patches

github.com

Attack Patterns

CAPEC-126: Path Traversal

Vendor Advisory

Path Traversal in scout-browser
GitHub Security Advisory: GHSA-694v-63fq-fmr4
Release Date: 2022-05-04
Update Date: 2022-05-18
Severity: Moderate
CVE-2022-1554
Base Score: 6.8
Vector String: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L
Package Information
Package: scout-browser
Affected Versions:
Patched Versions: 4.52
Description: Scout is a Variant Call Format (VCF) visualization interface.

News

Medium CVE-2022-1554: Clinical-genomics Scout
Path Traversal due to `send_file` call in GitHub repository clinical-genomics/scout prior to 4.52.
🚨 NEW: CVE-2022-1554 🚨 Path Traversal due to `send_file` call in GitHub repository clinical-genomics/scout prior to 4.52. Severity: HIGH https://nvd.nist.gov/vuln/detail/CVE-2022-1554
🚨 NEW: CVE-2022-1554 🚨 Path Traversal due to `send_file` call in GitHub repository clinical-genomics/scout prior to 4.52. Severity: HIGH nvd.nist.gov/vuln/detail/CVE…
CVE-2022-1554
- CVSS Scores & Vulnerability Types If the vulnerability is created recently it may take a few days to gather vulnerable products list and other information like cvss scores.
CVE-2022-1554
Path Traversal due to `send_file` call in GitHub repository clinical-genomics/scout prior to 4.52. (CVSS:0.0) (Last Update:2022-05-03)

CVSS V3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability Impact: None
