Lucene search
GoogleOSV:CVE-2022-42975HistoryOct 17, 2022 - 6:15 a.m.
CVE-2022-42975
2022-10-1706:15:08
Google
osv.dev
5
phoenix
transport
check_origin
wildcarding
liveview
csrf token
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS
0.001
Percentile
31.8%
socket/transport.ex in Phoenix before 1.6.14 mishandles check_origin wildcarding. NOTE: LiveView applications are unaffected by default because of the presence of a LiveView CSRF token.
Related
cvelist
cvelist
CVE-2022-42975
2022-10-17 00:00:00
nvd
nvd
CVE-2022-42975
2022-10-17 06:15:08
osv
osv
Phoenix before 1.6.14 mishandles check_origin wildcarding
2022-10-17 12:00:27
prion
prion
Cross site request forgery (csrf)
2022-10-17 06:15:00
cve
cve
CVE-2022-42975
2022-10-17 06:15:08
github
github
Phoenix before 1.6.14 mishandles check_origin wildcarding
2022-10-17 12:00:27
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS
0.001
Percentile
31.8%
Related for OSV:CVE-2022-42975