CVE-2022-4235

2023-01-1800:00:00

Fluid Attacks

www.cve.org

rushbet

customer accounts

remote attacker

malicious application

activity

data validation

AI Score

5.8

Confidence

High

EPSS

0.001

Percentile

31.7%

JSON

RushBet version 2022.23.1-b490616d allows a remote attacker to steal customer accounts via use of a malicious application. This is possible because the application exposes an activity and does not properly validate the data it receives.

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "RushBet",
    "versions": [
      {
        "version": "2022.23.1-b490616d",
        "status": "affected"
      }
    ]
  }
]

References

fluidattacks.com/advisories/miller/