Lucene search

GitHub_MCVE-2022-31164

HistoryJul 22, 2022 - 4:15 a.m.

CVE-2022-31164

2022-07-2204:15:14

CWE-287

GitHub_M

web.nvd.nist.gov

tovy

staff management system

roblox

vulnerability

unauthorized access

patch

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

26.7%

JSON

Tovy is a a staff management system for Roblox groups. A vulnerability in versions prior to 0.7.51 allows users to log in as other users, including privileged users such as the other of the instance. The problem has been patched in version 0.7.51.

Affected configurations

Nvd

Vulners

Node

tovybloxtovyRange<0.7.51

VendorProductVersionCPE
tovybloxtovy*cpe:2.3:a:tovyblox:tovy:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
tovyblox	tovy	*	cpe:2.3:a:tovyblox:tovy::::::::

CNA Affected

[
  {
    "product": "tovy",
    "vendor": "tovyblox",
    "versions": [
      {
        "status": "affected",
        "version": "< 0.7.51"
      }
    ]
  }
]

References

github.com/tovyblox/tovy/pull/63

github.com/tovyblox/tovy/security/advisories/GHSA-j6f8-wh4v-jc37

Social References

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

26.7%

JSON

Related for CVE-2022-31164