CVE-2022-30299

A path traversal vulnerability [CWE-23] in the API of FortiWeb 7.0.0 through 7.0.1, 6.3.0 through 6.3.19, 6.4 all versions, 6.2 all versions, 6.1 all versions, 6.0 all versions may allow an authenticated attacker to retrieve specific parts of files from the underlying file system via specially crafted web requests.

Published: Feb 16, 2023
Updated: Apr 14, 2023
CVE: CVE-2022-30299
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.3
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWEs:

CWE-22

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
fortinet / fortiweb	6.4.0	6.4.0.x
fortinet / fortiweb	6.4.1	6.4.1.x
fortinet / fortiweb	6.4.2	6.4.2.x
fortinet / fortiweb	7.0.0	7.0.0.x
fortinet / fortiweb	7.0.1	7.0.1.x
fortinet / fortiweb	6.0.0	6.0.8.x
fortinet / fortiweb	6.1.0	6.1.3.x
fortinet / fortiweb	6.2.0	6.2.7.x
fortinet / fortiweb	6.3.0	6.3.20

https://fortiguard.com/psirt/FG-IR-22-146

Vulnerability Database

289,784

CVE-2022-30299