Lucene search

K
cve[email protected]CVE-2022-34112
HistoryJul 22, 2022 - 11:15 p.m.

CVE-2022-34112

2022-07-2223:15:08
CWE-732
web.nvd.nist.gov
405
5
cve-2022-34112
access control issue
api
plugin
uninstall
dataease v1.11.1
security vulnerability

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

19.8%

An access control issue in the component /api/plugin/uninstall Dataease v1.11.1 allows attackers to arbitrarily uninstall the plugin, a right normally reserved for the administrator.

Affected configurations

NVD
Node
dataease_projectdataeaseMatch1.11.1
VendorProductVersionCPE
dataease_projectdataease1.11.1cpe:/a:dataease_project:dataease:1.11.1:::

Social References

More

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

19.8%

Related for CVE-2022-34112