Lucene search

GoogleOSV:CVE-2022-3242

HistorySep 20, 2022 - 11:15 a.m.

CVE-2022-3242

2022-09-2011:15:09

Google

osv.dev

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.021 Low

EPSS

Percentile

89.1%

JSON

Code Injection in GitHub repository microweber/microweber prior to 1.3.2.

CPENameOperatorVersion
microwebereq1.2.4
microwebereq1.2.8
microwebereq1.2.11
microwebereq1.2.16
microwebereq1.2.6
microwebereq1.2.21
microwebereq1.2.12
microwebereq1.0.5-fix1
microwebereq1.2.3
microwebereq1.2.10

Name	Operator	Version
microweber	eq	1.2.4
microweber	eq	1.2.8
microweber	eq	1.2.11
microweber	eq	1.2.16
microweber	eq	1.2.6
microweber	eq	1.2.21
microweber	eq	1.2.12
microweber	eq	1.0.5-fix1
microweber	eq	1.2.3
microweber	eq	1.2.10

Rows per page:

1-10 of 271

References

github.com/microweber/microweber/commit/68f0721571653db865a5fa01c7986642c82e919c

huntr.dev/bounties/3e6b218a-a5a6-40d9-9f7e-5ab0c6214faf

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.021 Low

EPSS

Percentile

89.1%

JSON

Related for OSV:CVE-2022-3242