Lucene search

Alpine Linux Development TeamALPINE:CVE-2022-45177

HistoryFeb 21, 2024 - 4:15 p.m.

CVE-2022-45177

2024-02-2116:15:49

Alpine Linux Development Team

security.alpinelinux.org

cve-2022-45177

observable response discrepancy

api v1

user isenableuser

sharedsearch

unauthorized access

information disclosure

web application

internal state information

security vulnerability

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

Confidence

Low

EPSS

0.001

Percentile

28.7%

JSON

An issue was discovered in LIVEBOX Collaboration vDesk through v031. An Observable Response Discrepancy can occur under the /api/v1/vdeskintegration/user/isenableuser endpoint, the /api/v1/sharedsearch?search={NAME]+{SURNAME] endpoint, and the /login endpoint. The web application provides different responses to incoming requests in a way that reveals internal state information to an unauthorized actor outside of the intended control sphere.

OSVersionArchitecturePackageVersionFilename
Alpineedge-communitynoarchvdesk= 1.2-r1UNKNOWN
Alpine3.19-communitynoarchvdesk= 1.2-r1UNKNOWN
Alpine3.20-communitynoarchvdesk= 1.2-r1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Alpine	edge-community	noarch	vdesk	= 1.2-r1	UNKNOWN
Alpine	3.19-community	noarch	vdesk	= 1.2-r1	UNKNOWN
Alpine	3.20-community	noarch	vdesk	= 1.2-r1	UNKNOWN

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

Confidence

Low

EPSS

0.001

Percentile

28.7%

JSON

Related for ALPINE:CVE-2022-45177