Lucene search
Alpine Linux Development TeamALPINE:CVE-2022-45170HistoryApr 14, 2023 - 2:15 p.m.
CVE-2022-45170
2023-04-1414:15:10
Alpine Linux Development Team
security.alpinelinux.org
18
cve-2022-45170
livebox collaboration
vdesk
cryptographic issue
api endpoint
decipher
file
user account
unix
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS
0.001
Percentile
29.8%
An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Cryptographic Issue can occur under the /api/v1/vencrypt/decrypt/file endpoint. A malicious user, logged into a victim’s account, is able to decipher a file without knowing the key set by the user.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Alpine | edge-community | noarch | vdesk | = 1.2-r1 | UNKNOWN |
| Alpine | 3.17-community | noarch | vdesk | = 1.2-r1 | UNKNOWN |
| Alpine | 3.18-community | noarch | vdesk | = 1.2-r1 | UNKNOWN |
| Alpine | 3.19-community | noarch | vdesk | = 1.2-r1 | UNKNOWN |
| Alpine | 3.20-community | noarch | vdesk | = 1.2-r1 | UNKNOWN |
Related
cvelist
cvelist
CVE-2022-45170
2023-04-14 00:00:00
prion
prion
Design/Logic Flaw
2023-04-14 14:15:00
cve
cve
CVE-2022-45170
2023-04-14 14:15:10
nvd
nvd
CVE-2022-45170
2023-04-14 14:15:10
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS
0.001
Percentile
29.8%
Related for ALPINE:CVE-2022-45170