Lucene search

GitHub_MCVELIST:CVE-2022-31164

HistoryJul 21, 2022 - 1:35 p.m.

CVE-2022-31164 Tovy before v0.7.51 vulnerable to users logging in as and impersonating other users

2022-07-2113:35:11

CWE-287

GitHub_M

www.cve.org

tovy

user impersonation

v0.7.51

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

26.7%

JSON

Tovy is a a staff management system for Roblox groups. A vulnerability in versions prior to 0.7.51 allows users to log in as other users, including privileged users such as the other of the instance. The problem has been patched in version 0.7.51.

CNA Affected

[
  {
    "product": "tovy",
    "vendor": "tovyblox",
    "versions": [
      {
        "status": "affected",
        "version": "< 0.7.51"
      }
    ]
  }
]

References

github.com/tovyblox/tovy/pull/63

github.com/tovyblox/tovy/security/advisories/GHSA-j6f8-wh4v-jc37

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

26.7%

JSON

Related for CVELIST:CVE-2022-31164