History: Jan 18, 2023 - 10:15 p.m.

CVE-2022-4235

2023-01-18 22:15:10
CWE-79
Fluid Attacks
web.nvd.nist.gov
Tags: cve-2022-4235, rushbet, security vulnerability, remote attack, customer accounts

CVSS3: 5.4

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

AI Score: 5.5
Confidence: High

EPSS: 0.001
Percentile: 31.7%

RushBet version 2022.23.1-b490616d allows a remote attacker to steal customer accounts via use of a malicious application. This is possible because the application exposes an activity and does not properly validate the data it receives.

Affected configurations

Nvd
Node: rushstreetinteractive rushbet, Match 2022.23.1-b490616d

Vendor | Product | Version | CPE
rushstreetinteractive | rushbet | 2022.23.1-b490616d | cpe:2.3:a:rushstreetinteractive:rushbet:2022.23.1-b490616d:*:*:*:*:*:*:*

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "RushBet",
    "versions": [
      {
        "version": "2022.23.1-b490616d",
        "status": "affected"
      }
    ]
  }
]
