Lucene search

Alpine Linux Development TeamALPINE:CVE-2022-45173

HistoryApr 14, 2023 - 2:15 p.m.

CVE-2022-45173

2023-04-1414:15:10

Alpine Linux Development Team

security.alpinelinux.org

cve-2022-45173

livebox collaboration

two-factor authentication

bypass

vdesk

api

response modification

totp

application security

unix

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.003

Percentile

66.1%

JSON

An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Bypass of Two-Factor Authentication can occur under the /api/v1/vdeskintegration/challenge endpoint. Because only the client-side verifies whether a check was successful, an attacker can modify the response, and fool the application into concluding that the TOTP was correct.

OSVersionArchitecturePackageVersionFilename
Alpineedge-communitynoarchvdesk= 1.2-r1UNKNOWN
Alpine3.17-communitynoarchvdesk= 1.2-r1UNKNOWN
Alpine3.18-communitynoarchvdesk= 1.2-r1UNKNOWN
Alpine3.19-communitynoarchvdesk= 1.2-r1UNKNOWN
Alpine3.20-communitynoarchvdesk= 1.2-r1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Alpine	edge-community	noarch	vdesk	= 1.2-r1	UNKNOWN
Alpine	3.17-community	noarch	vdesk	= 1.2-r1	UNKNOWN
Alpine	3.18-community	noarch	vdesk	= 1.2-r1	UNKNOWN
Alpine	3.19-community	noarch	vdesk	= 1.2-r1	UNKNOWN
Alpine	3.20-community	noarch	vdesk	= 1.2-r1	UNKNOWN

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.003

Percentile

66.1%

JSON

Related for ALPINE:CVE-2022-45173