The configuration backend allows an unauthenticated user to write arbitrary data with root privileges to the storage, which could lead to unauthenticated remote code execution and full system compromise.

Related CVEs

CVE-2022-45140

Key Information

GHSA ID

GHSA-4p8v-g44f-p8hp

Published

February 27, 2023 3:30 PM

Last Modified

February 27, 2023 3:30 PM

CVSS Score

9.0 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: September 10, 2025 6:31 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.