CVE-2022-29620
MEDIUMFileZilla 3.59.0 - Cleartext Storage of Sensitive Information in Memory
Title source: llmDescription
FileZilla v3.59.0 allows attackers to obtain cleartext passwords of connected SSH or FTP servers via a memory dump.- NOTE: the vendor does not consider this a vulnerability
References (3)
Core 3
Core References
Broken Link x_refsource_misc
https://youtu.be/eSlfQQytIq0
Exploit, Third Party Advisory x_refsource_misc
https://whichbuffer.medium.com/filezilla-client-cleartext-storage-of-sensitive-information-in-memory-vulnerability-83958c1e1643
Exploit, Third Party Advisory x_refsource_misc
https://youtu.be/ErZl1i7McHk
Scores
CVSS v3
6.5
EPSS
0.0169
EPSS Percentile
74.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Details
CWE
CWE-312
Status
published
Products (1)
filezilla-project/filezilla_client
3.59.0
Published
Jun 07, 2022
Tracked Since
Feb 18, 2026