Headline
CVE-2022-25269: Description of CVE-2022-25266, CVE-2022-25267, CVE-2022-25268, CVE-2022-25269
Passwork On-Premise Edition before 4.6.13 has multiple XSS issues.
CVE-2022-25266
Passwork On-Premise Edition before 4.6.13 allows migration/downloadExportFile Directory Traversal (to read files).
After logging in with the Owner account, an attacker can read files located outside the web directory on the server.
Discoverer: Positive Technologies, Arian Rakhimi
CVE-2022-25267
Passwork On-Premise Edition before 4.6.13 allows migration/uploadExportFile Directory Traversal (to upload files).
After logging in with the Owner account, an intruder can upload arbitrary files by sending specially crafted HTTP requests.
Discoverer: Positive Technologies, Arian Rakhimi
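
A server-side containment check of the kind that addresses both traversal issues above (CVE-2022-25266 for reads, CVE-2022-25267 for uploads), as an added example that is not Passwork's code or its actual fix. The function names, the `exports` directory and the sample file names are assumptions, and Python is used for illustration only.

```python
import os
import tempfile

class UnsafePath(ValueError):
    """The requested name would resolve outside the export directory."""

def resolve_export_path(export_dir, requested):
    """Return an absolute path for `requested` that is guaranteed to lie inside export_dir."""
    if not requested or "\x00" in requested:
        raise UnsafePath("empty name or NUL byte")
    # Judge backslashes as separators too, so "..\\x" is handled the same on any OS.
    name = requested.replace("\\", "/")
    if name.startswith("/") or ":" in name.split("/")[0]:
        raise UnsafePath("absolute path or drive prefix")
    base = os.path.realpath(export_dir)
    # realpath collapses ".." and follows symlinks, so the comparison sees the final target.
    target = os.path.realpath(os.path.join(base, name))
    if target == base or os.path.commonpath([base, target]) != base:
        raise UnsafePath("resolves outside the export directory")
    return target

def is_allowed(export_dir, requested):
    try:
        resolve_export_path(export_dir, requested)
        return True
    except UnsafePath:
        return False

def demo():
    """Run constructed sample names against a throwaway directory tree (POSIX symlinks assumed)."""
    samples = ["export.json", "sub/../export.json", "../../etc/passwd",
               "..\\..\\etc\\passwd", "/etc/passwd", "link/secret.txt", "."]
    with tempfile.TemporaryDirectory() as root:
        export_dir = os.path.join(root, "exports")
        os.mkdir(export_dir)
        # A symlink placed inside the export directory that points back outside it.
        os.symlink(root, os.path.join(export_dir, "link"))
        return {s: is_allowed(export_dir, s) for s in samples}

if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name!r:28} {'allowed' if ok else 'rejected'}")
```

An upload handler would run the same check on the destination name before writing any bytes, and a download handler before opening the file.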
CVE-2022-25268
Passwork On-Premise Edition before 4.6.13 allows CSRF via the groups, password, and history subsystems.
The CSRF token value does not change during the session and can be obtained by an attacker who exploits the cross-site scripting vulnerability.
Discoverer: Positive Technologies, Arian Rakhimi
CVE-2022-25269
Passwork On-Premise Edition before 4.6.13 has multiple XSS issues.
An attacker can inject arbitrary HTML tags, including JavaScript code, into a page processed by a user’s browser.
Discoverer: Positive Technologies, Roman Poneev