Lucene search

@huntrdevCVELIST:CVE-2022-0514

HistoryMar 21, 2022 - 6:50 p.m.

CVE-2022-0514 Business Logic Errors in crater-invoice/crater

2022-03-2118:50:16

CWE-840

@huntrdev

www.cve.org

cve-2022-0514

github repository

business logic errors

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

21.2%

JSON

Business Logic Errors in GitHub repository crater-invoice/crater prior to 6.0.5.

CNA Affected

[
  {
    "product": "crater-invoice/crater",
    "vendor": "crater-invoice",
    "versions": [
      {
        "lessThan": "6.0.5",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

github.com/crater-invoice/crater/commit/fadef0ea07d2f7fb3f41c2cae444ebca2f479679

huntr.dev/bounties/af08000d-9f4a-4743-865d-5d5cdaf7fb27

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

21.2%

JSON

Related for CVELIST:CVE-2022-0514