Vulnerability DatabaseCVE-2022-4665

CVE-2022-4665:
Linux Ubuntu vulnerability analysis and mitigation

Overview

Unrestricted Upload of File with Dangerous Type vulnerability (CVE-2022-4665) was discovered in GitHub repository ampache/ampache prior to version 5.5.6. The vulnerability was identified and disclosed on December 22, 2022 (NVD).

Technical details

The vulnerability has been assigned a CVSS v3.1 Base Score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. The issue is classified as CWE-434 (Unrestricted Upload of File with Dangerous Type) and affects the file upload functionality in the application (NVD).

Impact

The vulnerability could allow an attacker to upload files with dangerous types, potentially leading to high impacts on confidentiality, integrity, and availability of the system as indicated by the CVSS score (NVD).

Mitigation and workarounds

The vulnerability has been fixed in version 5.5.6 of ampache/ampache. Users should upgrade to this version or later to mitigate the risk. The fix includes implementation of proper validation for image file extensions during art uploads (GitHub Patch).

Additional resources

Source: This report was generated using AI

Related Linux Ubuntu vulnerabilities:

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2026-23399	MEDIUM	6.5	Linux Kernel	kernel-rt-debug-modules-extra	No	Yes	Mar 28, 2026
CVE-2026-0966	MEDIUM	6.5	Linux Debian	seal-libssh	No	Yes	Mar 26, 2026
CVE-2026-0968	LOW	3.1	Linux Debian	libssh4	No	Yes	Mar 26, 2026
CVE-2026-0967	LOW	2.2	Linux Debian	libssh-config	No	Yes	Mar 26, 2026
CVE-2026-23400	N/A	N/A	Linux Debian	linux-azure-fips	No	No	Mar 29, 2026