CVE-2022-45968

High

Alist v3.4.0 is vulnerable to File Upload. A user with only file upload permission can upload any file to any folder (even a password…

mitre·CWE-281·Published 2022-12-12

CVSS

8.8

EPSS

0.01

KEV

Exploits

cve.orgen

149 chars

Alist v3.4.0 is vulnerable to File Upload. A user with only file upload permission can upload any file to any folder (even a password protected one).

NVDen

149 chars

Alist v3.4.0 is vulnerable to File Upload. A user with only file upload permission can upload any file to any folder (even a password protected one).

OSV.deven

86 chars

AList vulnerable to Improper Preservation of Permissions in github.com/alist-org/alist

GHSAen

181 chars

Alist v3.4.0 is vulnerable to File Upload. A user with only file upload permission can upload any file to any folder (even a password protected one). Version 3.5.1 contains a patch.

NVDes

197 chars

Alist v3.4.0 es vulnerable a la carga de archivos. Un usuario con permiso únicamente para cargar archivos puede cargar cualquier archivo en cualquier carpeta (incluso una protegida con contraseña).

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	cve.org	8.8	—	—	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
3.1	Primary	NVD	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H