Lucene search

@huntrdevCVELIST:CVE-2022-1698

HistoryMay 12, 2022 - 3:20 p.m.

CVE-2022-1698 Allowing long password leads to denial of service in causefx/organizr

2022-05-1215:20:15

CWE-191

@huntrdev

www.cve.org

9.9 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H

0.001 Low

EPSS

Percentile

38.1%

JSON

Allowing long password leads to denial of service in GitHub repository causefx/organizr prior to 2.1.2000. This vulnerability can be abused by doing a DDoS attack for which genuine users will not able to access resources/applications.

CNA Affected

[
  {
    "product": "causefx/organizr",
    "vendor": "causefx",
    "versions": [
      {
        "lessThan": "2.1.2000",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

github.com/causefx/organizr/commit/e4b4cff66c526f7b5bbaef0073c92c315c29bd56

huntr.dev/bounties/f4ab747b-e89a-4514-9432-ac1ea56639f3

9.9 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H

0.001 Low

EPSS

Percentile

38.1%

JSON

Related for CVELIST:CVE-2022-1698