Lucene search

@huntrdevCVELIST:CVE-2022-0721

HistoryFeb 23, 2022 - 10:30 a.m.

CVE-2022-0721 Insertion of Sensitive Information Into Debugging Code in microweber/microweber

2022-02-2310:30:11

CWE-215

@huntrdev

www.cve.org

github repository

microweber

security vulnerability

sensitive information

debugging code

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

30.4%

JSON

Insertion of Sensitive Information Into Debugging Code in GitHub repository microweber/microweber prior to 1.3.

CNA Affected

[
  {
    "product": "microweber/microweber",
    "vendor": "microweber",
    "versions": [
      {
        "lessThan": "1.3",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

github.com/microweber/microweber/commit/b12e1a490c79460bff019f34b2e17112249b16ec

huntr.dev/bounties/ae267d39-9750-4c69-be8b-4f915da089fb

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

30.4%

JSON

Related for CVELIST:CVE-2022-0721