CVE-2022-23609 Vulnerability Details

  /     /     /  

CVE-2022-23609 Metadata Quick Info

CVE Published: 04/02/2022 | CVE Updated: 03/08/2024 | CVE Year: 2022
Source: GitHub_M | Vendor: bildsben | Product: iTunesRPC-Remastered
Status : PUBLISHED

---

CVE-2022-23609 Description

iTunesRPC-Remastered is a Discord Rich Presence for iTunes on Windows utility. In affected versions iTunesRPC-Remastered did not properly sanitize user input used to remove files leading to file deletion only limited by the process permissions. Users are advised to upgrade as soon as possible.

Metrics

CVSS Version: 3.1 | Base Score: 8.3 HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

l➤ Exploitability Metrics:
    Attack Vector (AV)* NETWORK
    Attack Complexity (AC)* LOW
    Privileges Required (PR)* NONE
    User Interaction (UI)* NONE
    Scope (S)* CHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* LOW
    Integrity Impact (I)* LOW
    Availability Impact (A)* LOW

Weakness Enumeration (CWE)

CWE-ID: CWE-22
CWE Name: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ( Path Traversal )
Source: bildsben

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).