Enhancement: cves/2022/CVE-2022-43140.yaml by cs

2023-04-17 08:15:14 -04:00 · 2023-04-17 08:15:14 -04:00 · 8292e138f1
parent 6762cd6b58
commit 8292e138f1
1 changed files with 5 additions and 4 deletions
--- a/cves/2022/CVE-2022-43140.yaml
+++ b/cves/2022/CVE-2022-43140.yaml
@ -3,15 +3,16 @@ id: CVE-2022-43140
 info:
  name: kkFileView 4.1.0 - Server-Side Request Forgery
  author: Co5mos
-  severity: high
+  severity: medium
  description: |
    kkFileView 4.1.0 is susceptible to server-side request forgery via the component cn.keking.web.controller.OnlinePreviewController#getCorsFile. An attacker can force the application to make arbitrary requests via injection of crafted URLs into the url parameter and thereby potentially obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
  reference:
    - https://github.com/kekingcn/kkFileView/issues/392
    - https://nvd.nist.gov/vuln/detail/CVE-2022-43140
  classification:
-    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
-    cvss-score: 7.5
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
+    cvss-score: 5.3
+    cwe-id: CWE-918
    cve-id: CVE-2022-43140
  metadata:
    verified: "true"
@ -30,4 +31,4 @@ requests:
        words:
          - "<h1> Interactsh Server </h1>"

-# Enhanced by md on 2023/04/13
+# Enhanced by cs on 2023/04/17