Lucene search

[email protected]NVD:CVE-2022-46997

HistoryDec 14, 2022 - 3:15 p.m.

CVE-2022-46997

2022-12-1415:15:10

[email protected]

web.nvd.nist.gov

passhunt

commit

vulnerability

request package

code execution

backdoor

sensitive user information

digital currency keys

escalate privileges

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.004

Percentile

72.5%

JSON

Passhunt commit 54eb987d30ead2b8ebbf1f0b880aa14249323867 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges.

Affected configurations

Nvd

Node

passhunt_projectpasshuntMatch-

VendorProductVersionCPE
passhunt_projectpasshunt-cpe:2.3:a:passhunt_project:passhunt:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
passhunt_project	passhunt	-	cpe:2.3:a:passhunt_project:passhunt:-:::::::*

References

github.com/Viralmaniar/Passhunt/

github.com/Viralmaniar/Passhunt/issues/14

mirrors.neusoft.edu.cn/pypi/web/simple/request/

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.004

Percentile

72.5%

JSON

Related for NVD:CVE-2022-46997

prion1 cvelist1 cve1