Description
With this vulnerability, an attacker can read many sensitive files, such as configuration files or the /proc/self/environ file, which contains the environment variables used by the web server, including database credentials. If the web server user is root, an attacker will be able to read any file on the system.
References (2)
Core References
Exploit, Issue Tracking, Patch, Third Party Advisory x_refsource_confirm
https://huntr.dev/bounties/5dff7cf9-8bb2-4f67-a02d-b94db5009d70
Patch, Third Party Advisory x_refsource_misc
https://github.com/plankanban/planka/commit/ac1df5201dfdaf68d37f7e1b272bc137870d7418
Scores
CVSS v3: 6.5
EPSS: 0.0078
EPSS Percentile: 51.5%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE: CWE-22
Status: published
Products (1): planka/planka < 1.5.1
Published: Aug 04, 2022
Tracked Since: Feb 18, 2026