Lucene search

GoogleOSV:CVE-2022-42983

HistoryOct 17, 2022 - 7:15 a.m.

CVE-2022-42983

2022-10-1707:15:08

Google

osv.dev

anji-plus

aj-report

authentication

jwt tokens

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.3 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

68.0%

JSON

anji-plus AJ-Report 0.9.8.6 allows remote attackers to bypass login authentication by spoofing JWT Tokens.

CPENameOperatorVersion
reporteqV0.9.3
reporteqV0.9.1
reporteqV0.9.6
reporteqV0.9.4.1
reporteqV0.9.7.2
reporteqV0.9.4.2
reporteqV0.9.7.3
reporteqV0.9.6.1
reporteqV0.9.7
reporteqV0.9.8

Name	Operator	Version
report	eq	V0.9.3
report	eq	V0.9.1
report	eq	V0.9.6
report	eq	V0.9.4.1
report	eq	V0.9.7.2
report	eq	V0.9.4.2
report	eq	V0.9.7.3
report	eq	V0.9.6.1
report	eq	V0.9.7
report	eq	V0.9.8

Rows per page:

1-10 of 161

References

gitee.com/anji-plus/report/issues/I5VVZ0

github.com/anji-plus/report/issues/7

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.3 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

68.0%

JSON

Related for OSV:CVE-2022-42983