CVE-2022-42706

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-42706
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-42706.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-42706
Downstream
Published
2022-12-05T21:15:10Z
Modified
2025-10-15T04:33:44Z
Severity
  • 4.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

An issue was discovered in Sangoma Asterisk through 16.28, 17 and 18 through 18.14, 19 through 19.6, and certified through 18.9-cert1. GetConfig, via Asterisk Manager Interface, allows a connected application to access files outside of the asterisk configuration directory, aka Directory Traversal.

References

Affected packages

Git / github.com/asterisk/asterisk

Affected ranges

Type
GIT
Repo
https://github.com/asterisk/asterisk
Events