Lucene search

[email protected]CVE-2022-34621

HistoryAug 19, 2022 - 2:15 p.m.

CVE-2022-34621

2022-08-1914:15:08

CWE-639

[email protected]

web.nvd.nist.gov

mealie

cve-2022-34621

insecure direct object reference

idor

user passwords

vulnerability

nvd

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

0.001 Low

EPSS

Percentile

46.9%

JSON

Mealie 1.0.0beta3 was discovered to contain an Insecure Direct Object Reference (IDOR) vulnerability which allows attackers to modify user passwords and other attributes via modification of the user_id parameter.

Affected configurations

NVD

Node

mealiemealieMatch0.5.5

mealiemealieMatch1.0.0beta3

CPENameOperatorVersion
mealie:mealiemealieeq0.5.5
mealie:mealiemealieeq1.0.0

CPE	Name	Operator	Version
mealie:mealie	mealie	eq	0.5.5
mealie:mealie	mealie	eq	1.0.0

References

cwe.mitre.org/data/definitions/639.html

docs.mealie.io/changelog/v0.5.6/

gainsec.com/2022/08/19/cve-2022-34615-cve-2022-34621-cve-2022-34623-cve-2022-34624/

hub.docker.com/r/hkotel/mealie

portswigger.net/web-security/access-control/idor

Social References

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

0.001 Low

EPSS

Percentile

46.9%

JSON

Related for CVE-2022-34621

prion1 cvelist1 nvd1 osv3