CVE-2022-2653

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2022-2653

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-2653.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2022-2653

Published

2022-08-04T09:35:25Z

Modified

2025-11-28T02:34:44.424900Z

Severity

7.1 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N CVSS Calculator

Summary

Path Traversal in plankanban/planka

Details

With this vulnerability an attacker can read many sensitive files like configuration files, or the /proc/self/environ file, that contains the environment variable used by the web server that includes database credentials. If the web server user is root, an attacker will be able to read any file in the system.

Database specific

{
    "cwe_ids": [
        "CWE-22"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/2xxx/CVE-2022-2653.json",
    "cna_assigner": "@huntrdev"
}

References

Affected packages

Git / github.com/plankanban/planka

Affected ranges

Type: GIT
Repo: https://github.com/plankanban/planka
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

ac1df5201dfdaf68d37f7e1b272bc137870d7418

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-2653.json"