Lucene search

GoogleOSV:BIT-PUBLIFY-2022-0574

HistoryMar 06, 2024 - 11:04 a.m.

BIT-publify-2022-0574

2024-03-0611:04:02

Google

osv.dev

github

access control

publify

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

AI Score

6.7

Confidence

High

EPSS

0.001

Percentile

30.0%

JSON

Improper Access Control in GitHub repository publify/publify prior to 9.2.8.

References

github.com/publify/publify/commit/0e6c66ac2002136517662399bca9d838c80d9739

huntr.dev/bounties/6f322c84-9e20-4df6-97e8-92bc271ede3f

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

AI Score

6.7

Confidence

High

EPSS

0.001

Percentile

30.0%

JSON

Related for OSV:BIT-PUBLIFY-2022-0574