QwikSec

Security Database

CVE

CWE

Training

CVE-2022-4563

Published: Dec 16, 2022

Modified: Apr 15, 2025

PUBLISHED

CVSS v3.1

7.8

HIGH

Description

A vulnerability was found in Freedom of the Press SecureDrop. It has been rated as critical. Affected by this issue is some unknown functionality of the file gpg-agent.conf. The manipulation leads to symlink following. Local access is required to approach this attack. The name of the patch is b0526a06f8ca713cce74b63e00d3730618d89691. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-215972.

Vendor	Product	Versions
Freedom of the Press	SecureDrop	affected `n/a`

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

References

https://github.com/freedomofpress/securedrop/pull/6704

https://github.com/freedomofpress/securedrop/commit/b0526a06f8ca713cce74b63e00d3730618d89691

https://vuldb.com/?id.215972

https://github.com/freedomofpress/securedrop/compare/2.5.0...2.5.1

https://securedrop.org/news/2_5_1-security-advisory/

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.