Lucene search

[email protected]NVD:CVE-2022-36521

HistoryAug 26, 2022 - 2:15 p.m.

CVE-2022-36521

2022-08-2614:15:08

CWE-306

[email protected]

web.nvd.nist.gov

insecure permissions

cskefu v7.0.1

unauthenticated attackers

administrator accounts

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

35.7%

JSON

Insecure permissions in cskefu v7.0.1 allows unauthenticated attackers to arbitrarily add administrator accounts.

Affected configurations

Nvd

Node

cskefucskefuMatch7.0.1

VendorProductVersionCPE
cskefucskefu7.0.1cpe:2.3:a:cskefu:cskefu:7.0.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cskefu	cskefu	7.0.1	cpe:2.3:a:cskefu:cskefu:7.0.1:::::::*

References

github.com/chatopera/cskefu/issues/724

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

35.7%

JSON

Related for NVD:CVE-2022-36521

prion1 cve1 cvelist1 osv1