CVE-2022-32320

A Cross-Site Request Forgery (CSRF) in Ferdi through 5.8.1 and Ferdium through 6.0.0-nightly.98 allows attackers to read files via an uploaded file such as a settings/preferences file.

CVSS v3.0 8.8 HIGH

8.8^/10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://gist.github.com/omriinbar-cyesec/c1179fe99725d2b828b6573c0d110c9c	Third Party Advisory
https://getferdi.com/	Product
https://github.com/getferdi/ferdi	Third Party Advisory

Configurations

Configuration 1

cpe:2.3:a:getferdi:ferdi:*:*:*:*:*:*:*:*

cpe:2.3:a:ferdium:ferdium:6.0.0:nightly98:*:*:*:*:*:*

cpe:2.3:a:ferdium:ferdium:6.0.0:nightly97:*:*:*:*:*:*

cpe:2.3:a:ferdium:ferdium:6.0.0:nightly96:*:*:*:*:*:*

cpe:2.3:a:ferdium:ferdium:6.0.0:nightly95:*:*:*:*:*:*

cpe:2.3:a:ferdium:ferdium:6.0.0:nightly94:*:*:*:*:*:*

cpe:2.3:a:ferdium:ferdium:6.0.0:beta3:*:*:*:*:*:*

cpe:2.3:a:ferdium:ferdium:6.0.0:nightly93:*:*:*:*:*:*

cpe:2.3:a:ferdium:ferdium:6.0.0:nightly92:*:*:*:*:*:*

cpe:2.3:a:ferdium:ferdium:6.0.0:nightly91:*:*:*:*:*:*

cpe:2.3:a:ferdium:ferdium:6.0.0:nightly90:*:*:*:*:*:*

cpe:2.3:a:ferdium:ferdium:6.0.0:nightly89:*:*:*:*:*:*

cpe:2.3:a:ferdium:ferdium:6.0.0:nightly88:*:*:*:*:*:*

cpe:2.3:a:ferdium:ferdium:6.0.0:nightly87:*:*:*:*:*:*

cpe:2.3:a:ferdium:ferdium:6.0.0:nightly86:*:*:*:*:*:*

cpe:2.3:a:ferdium:ferdium:6.0.0:nightly85:*:*:*:*:*:*

cpe:2.3:a:ferdium:ferdium:6.0.0:nightly84:*:*:*:*:*:*

cpe:2.3:a:ferdium:ferdium:6.0.0:nightly83:*:*:*:*:*:*

cpe:2.3:a:ferdium:ferdium:6.0.0:nightly82:*:*:*:*:*:*

cpe:2.3:a:ferdium:ferdium:6.0.0:nightly81:*:*:*:*:*:*

cpe:2.3:a:ferdium:ferdium:6.0.0:nightly80:*:*:*:*:*:*

cpe:2.3:a:ferdium:ferdium:6.0.0:nightly79:*:*:*:*:*:*

cpe:2.3:a:ferdium:ferdium:6.0.0:nightly78:*:*:*:*:*:*

cpe:2.3:a:ferdium:ferdium:6.0.0:nightly76:*:*:*:*:*:*

cpe:2.3:a:ferdium:ferdium:6.0.0:nightly77:*:*:*:*:*:*

cpe:2.3:a:ferdium:ferdium:6.0.0:nightly74:*:*:*:*:*:*

cpe:2.3:a:ferdium:ferdium:6.0.0:nightly73:*:*:*:*:*:*

cpe:2.3:a:ferdium:ferdium:6.0.0:nightly72:*:*:*:*:*:*

cpe:2.3:a:ferdium:ferdium:6.0.0:nightly71:*:*:*:*:*:*

cpe:2.3:a:ferdium:ferdium:6.0.0:nightly70:*:*:*:*:*:*

cpe:2.3:a:ferdium:ferdium:6.0.0:beta2:*:*:*:*:*:*

cpe:2.3:a:ferdium:ferdium:6.0.0:nightly69:*:*:*:*:*:*

cpe:2.3:a:ferdium:ferdium:6.0.0:nightly67:*:*:*:*:*:*

cpe:2.3:a:ferdium:ferdium:6.0.0:nightly66:*:*:*:*:*:*

cpe:2.3:a:ferdium:ferdium:6.0.0:nightly65:*:*:*:*:*:*

cpe:2.3:a:ferdium:ferdium:6.0.0:nightly63:*:*:*:*:*:*

cpe:2.3:a:ferdium:ferdium:6.0.0:nightly62:*:*:*:*:*:*

cpe:2.3:a:ferdium:ferdium:6.0.0:nightly61:*:*:*:*:*:*

cpe:2.3:a:ferdium:ferdium:6.0.0:nightly60:*:*:*:*:*:*

cpe:2.3:a:ferdium:ferdium:6.0.0:nightly59:*:*:*:*:*:*

cpe:2.3:a:ferdium:ferdium:6.0.0:nightly58:*:*:*:*:*:*

cpe:2.3:a:ferdium:ferdium:6.0.0:nightly57:*:*:*:*:*:*

cpe:2.3:a:ferdium:ferdium:6.0.0:nightly56:*:*:*:*:*:*

cpe:2.3:a:ferdium:ferdium:6.0.0:nightly55:*:*:*:*:*:*

cpe:2.3:a:ferdium:ferdium:6.0.0:nightly54:*:*:*:*:*:*

cpe:2.3:a:ferdium:ferdium:6.0.0:nightly53:*:*:*:*:*:*

cpe:2.3:a:ferdium:ferdium:6.0.0:nightly52:*:*:*:*:*:*

cpe:2.3:a:ferdium:ferdium:6.0.0:nightly51:*:*:*:*:*:*

cpe:2.3:a:ferdium:ferdium:6.0.0:nightly50:*:*:*:*:*:*

cpe:2.3:a:ferdium:ferdium:6.0.0:nightly49:*:*:*:*:*:*

cpe:2.3:a:ferdium:ferdium:6.0.0:nightly48:*:*:*:*:*:*

cpe:2.3:a:ferdium:ferdium:6.0.0:beta1:*:*:*:*:*:*

cpe:2.3:a:ferdium:ferdium:6.0.0:nightly47:*:*:*:*:*:*

cpe:2.3:a:ferdium:ferdium:6.0.0:nightly46:*:*:*:*:*:*

cpe:2.3:a:ferdium:ferdium:6.0.0:nightly45:*:*:*:*:*:*

cpe:2.3:a:ferdium:ferdium:6.0.0:nightly44:*:*:*:*:*:*

cpe:2.3:a:ferdium:ferdium:6.0.0:nightly43:*:*:*:*:*:*

cpe:2.3:a:ferdium:ferdium:6.0.0:nightly42:*:*:*:*:*:*

cpe:2.3:a:ferdium:ferdium:6.0.0:nightly41:*:*:*:*:*:*

cpe:2.3:a:ferdium:ferdium:6.0.0:nightly40:*:*:*:*:*:*

cpe:2.3:a:ferdium:ferdium:6.0.0:nightly39:*:*:*:*:*:*

cpe:2.3:a:ferdium:ferdium:6.0.0:nightly38:*:*:*:*:*:*

cpe:2.3:a:ferdium:ferdium:6.0.0:nightly37:*:*:*:*:*:*

cpe:2.3:a:ferdium:ferdium:6.0.0:nightly36:*:*:*:*:*:*

cpe:2.3:a:ferdium:ferdium:6.0.0:nightly35:*:*:*:*:*:*

cpe:2.3:a:ferdium:ferdium:6.0.0:nightly34:*:*:*:*:*:*

cpe:2.3:a:ferdium:ferdium:6.0.0:nightly33:*:*:*:*:*:*

cpe:2.3:a:ferdium:ferdium:6.0.0:nightly32:*:*:*:*:*:*

cpe:2.3:a:ferdium:ferdium:6.0.0:nightly31:*:*:*:*:*:*

cpe:2.3:a:ferdium:ferdium:6.0.0:nightly30:*:*:*:*:*:*

cpe:2.3:a:ferdium:ferdium:6.0.0:nightly29:*:*:*:*:*:*

cpe:2.3:a:ferdium:ferdium:6.0.0:nightly28:*:*:*:*:*:*

cpe:2.3:a:ferdium:ferdium:6.0.0:nightly27:*:*:*:*:*:*

cpe:2.3:a:ferdium:ferdium:6.0.0:nightly26:*:*:*:*:*:*

cpe:2.3:a:ferdium:ferdium:6.0.0:nightly25:*:*:*:*:*:*

cpe:2.3:a:ferdium:ferdium:6.0.0:nightly24:*:*:*:*:*:*

cpe:2.3:a:ferdium:ferdium:6.0.0:nightly23:*:*:*:*:*:*

cpe:2.3:a:ferdium:ferdium:6.0.0:nightly22:*:*:*:*:*:*

cpe:2.3:a:ferdium:ferdium:6.0.0:nightly21:*:*:*:*:*:*

cpe:2.3:a:ferdium:ferdium:6.0.0:nightly20:*:*:*:*:*:*

cpe:2.3:a:ferdium:ferdium:6.0.0:nightly19:*:*:*:*:*:*

cpe:2.3:a:ferdium:ferdium:6.0.0:nightly18:*:*:*:*:*:*

cpe:2.3:a:ferdium:ferdium:6.0.0:nightly17:*:*:*:*:*:*

cpe:2.3:a:ferdium:ferdium:6.0.0:nightly16:*:*:*:*:*:*

cpe:2.3:a:ferdium:ferdium:6.0.0:nightly15:*:*:*:*:*:*

cpe:2.3:a:ferdium:ferdium:6.0.0:nightly14:*:*:*:*:*:*

cpe:2.3:a:ferdium:ferdium:6.0.0:nightly13:*:*:*:*:*:*

cpe:2.3:a:ferdium:ferdium:6.0.0:nightly12:*:*:*:*:*:*

cpe:2.3:a:ferdium:ferdium:6.0.0:nightly11:*:*:*:*:*:*

cpe:2.3:a:ferdium:ferdium:6.0.0:nightly10:*:*:*:*:*:*

cpe:2.3:a:ferdium:ferdium:6.0.0:nightly9:*:*:*:*:*:*

cpe:2.3:a:ferdium:ferdium:6.0.0:nightly8:*:*:*:*:*:*

cpe:2.3:a:ferdium:ferdium:6.0.0:nightly7:*:*:*:*:*:*

cpe:2.3:a:ferdium:ferdium:6.0.0:nightly6:*:*:*:*:*:*

cpe:2.3:a:ferdium:ferdium:6.0.0:nightly5:*:*:*:*:*:*

cpe:2.3:a:ferdium:ferdium:6.0.0:nightly4:*:*:*:*:*:*

cpe:2.3:a:ferdium:ferdium:6.0.0:nightly3:*:*:*:*:*:*

cpe:2.3:a:ferdium:ferdium:6.0.0:nightly2:*:*:*:*:*:*

cpe:2.3:a:ferdium:ferdium:6.0.0:nightly1:*:*:*:*:*:*

cpe:2.3:a:ferdium:ferdium:6.0.0:-:*:*:*:*:*:*

History

24 Jan 2023, 16:19

Type	Values Removed	Values Added
CPE		cpe:2.3:a:predictapp_project:predictapp::::::::
References	~~(MISC) https://github.com/abhilash1985/PredictApp/commit/b067372f3ee26fe1b657121f0f41883ff4461a06 -~~	(MISC) https://github.com/abhilash1985/PredictApp/commit/b067372f3ee26fe1b657121f0f41883ff4461a06 - Patch, Third Party Advisory
References	~~(MISC) https://github.com/abhilash1985/PredictApp/pull/73 -~~	(MISC) https://github.com/abhilash1985/PredictApp/pull/73 - Patch, Third Party Advisory
References	~~(MISC) https://vuldb.com/?id.218387 -~~	(MISC) https://vuldb.com/?id.218387 - Third Party Advisory
References	~~(MISC) https://vuldb.com/?ctiid.218387 -~~	(MISC) https://vuldb.com/?ctiid.218387 - Third Party Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.8
First Time		Predictapp Project predictapp Predictapp Project

16 Jan 2023, 13:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-07-17 05:15

Updated : 2022-07-25 07:04

NVD link : CVE-2022-32320

Mitre link : CVE-2022-32320

Products Affected

No products.

CWE

CWE-352