Lucene search

GitHub_MCVELIST:CVE-2022-24781

HistoryMar 24, 2022 - 8:25 p.m.

CVE-2022-24781 Malicious users can take over the session of other players

2022-03-2420:25:10

CWE-384

GitHub_M

www.cve.org

7.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N

0.001 Low

EPSS

Percentile

25.9%

JSON

Geon is a board game based on solving questions about the Pythagorean Theorem. Malicious users can obtain the uuid from other users, spoof that uuid through the browser console and become co-owners of the target session. This issue is patched in version 1.1.0. No known workaround exists.

CNA Affected

[
  {
    "product": "Geon",
    "vendor": "math-geon",
    "versions": [
      {
        "status": "affected",
        "version": "< 1.1.0"
      }
    ]
  }
]

References

github.com/math-geon/Geon/commit/005456d752d5434b60026edbc83b2665b8557d19

github.com/math-geon/Geon/releases/tag/v1.1.0

github.com/math-geon/Geon/security/advisories/GHSA-4fv9-g2jh-j5xm

7.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N

0.001 Low

EPSS

Percentile

25.9%

JSON

Related for CVELIST:CVE-2022-24781