PT-2022-6273 · Litespeed Technologies · Openlitespeed Web Server+1

Published: 2022-10-27 · Updated: 2025-03-19 · CVE-2022-0074

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

OpenLiteSpeed Web Server versions 1.6.15 through 1.7.16.1
LiteSpeed Web Server Container versions 1.6.15 through 1.7.16.1

Description

The issue is related to an Untrusted Search Path vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server Container, which allows Privilege Escalation. This can be exploited by a remote attacker to elevate their privileges.

Recommendations

For OpenLiteSpeed Web Server versions 1.6.15 through 1.7.16.1, update to version 1.7.16.1 or later to resolve the issue.
For LiteSpeed Web Server Container versions 1.6.15 through 1.7.16.1, update to version 1.7.16.1 or later to resolve the issue.
As a temporary workaround, consider restricting access to sensitive areas of the web server to minimize the risk of exploitation.

Exploit

Fix

Untrusted Search Path

Weakness Enumeration

Related Identifiers

BDU:2023-00698
CVE-2022-0074

Affected Products

Litespeed Web Server Container
Openlitespeed Web Server