PT-2022-2285 · Swhkd · Swhkd
Mgerstner
·
Published
2022-03-29
·
Updated
2022-04-14
·
CVE-2022-27818
CVSS v2.0
9.4
Critical
| Vector | AV:N/AC:L/Au:N/C:N/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
SWHKD version 1.1.5
Description
The issue is related to the unsafe use of the
/tmp/swhkd.sock pathname by SWHKD, which can lead to an information leak or denial of service. This could potentially allow a remote attacker to access protected information or cause a service disruption.Recommendations
For SWHKD version 1.1.5, consider restricting access to the
/tmp/swhkd.sock socket file as a temporary mitigation measure until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.Exposure of Resource to Wrong Sphere
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Swhkd