Lucene search

MitreCVE-2022-27817

HistoryApr 14, 2022 - 5:15 p.m.

CVE-2022-27817

2022-04-1417:15:11

CWE-668

mitre

web.nvd.nist.gov

cve-2022-27817

swhkd 1.1.5

keyboard events

information leak

denial of functionality

nvd

CVSS2

3.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:N/A:P

CVSS3

4.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L

AI Score

4.6

Confidence

High

EPSS

Percentile

12.8%

JSON

SWHKD 1.1.5 consumes the keyboard events of unintended users. This could potentially cause an information leak, but is usually a denial of functionality.

Affected configurations

Nvd

Node

waycrateswhkdMatch1.1.5

VendorProductVersionCPE
waycrateswhkd1.1.5cpe:2.3:a:waycrate:swhkd:1.1.5:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
waycrate	swhkd	1.1.5	cpe:2.3:a:waycrate:swhkd:1.1.5:::::::*

References

github.com/waycrate/swhkd/releases

www.openwall.com/lists/oss-security/2022/04/14/1

CVSS2

3.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:N/A:P

CVSS3

4.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L

AI Score

4.6

Confidence

High

EPSS

Percentile

12.8%

JSON

Related for CVE-2022-27817