Lucene search

K
cve[email protected]CVE-2022-34112
HistoryJul 22, 2022 - 11:15 p.m.

CVE-2022-34112

2022-07-2223:15:08
CWE-732
web.nvd.nist.gov
403
5
cve-2022-34112
access control issue
api
plugin
uninstall
dataease v1.11.1
security vulnerability

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

0.001 Low

EPSS

Percentile

19.8%

An access control issue in the component /api/plugin/uninstall Dataease v1.11.1 allows attackers to arbitrarily uninstall the plugin, a right normally reserved for the administrator.

Affected configurations

NVD
Node
dataease_projectdataeaseMatch1.11.1

Social References

More

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

0.001 Low

EPSS

Percentile

19.8%

Related for CVE-2022-34112