Lucene search

MitreCVE-2022-34615

HistoryAug 19, 2022 - 2:15 p.m.

CVE-2022-34615

2022-08-1914:15:08

CWE-521

mitre

web.nvd.nist.gov

cve-2022-34615

mealie

weak password

unauthorized access

brute-force attacks

nvd

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.4

Confidence

High

EPSS

0.002

Percentile

57.5%

JSON

Mealie 1.0.0beta3 employs weak password requirements which allows attackers to potentially gain unauthorized access to the application via brute-force attacks.

Affected configurations

Nvd

Node

mealiemealieMatch0.5.5

mealiemealieMatch1.0.0beta3

VendorProductVersionCPE
mealiemealie0.5.5cpe:2.3:a:mealie:mealie:0.5.5:*:*:*:*:*:*:*
mealiemealie1.0.0cpe:2.3:a:mealie:mealie:1.0.0:beta3:*:*:*:*:*:*

Vendor	Product	Version	CPE
mealie	mealie	0.5.5	cpe:2.3:a:mealie:mealie:0.5.5:::::::*
mealie	mealie	1.0.0	cpe:2.3:a:mealie:mealie:1.0.0:beta3::::::

References

cwe.mitre.org/data/definitions/521.html

docs.mealie.io/changelog/v0.5.6/

gainsec.com/2022/08/19/cve-2022-34615-cve-2022-34621-cve-2022-34623-cve-2022-34624/

hub.docker.com/r/hkotel/mealie

Social References

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.4

Confidence

High

EPSS

0.002

Percentile

57.5%

JSON

Related for CVE-2022-34615