Lucene search

GoogleOSV:CVE-2022-47002

HistoryFeb 01, 2023 - 2:15 p.m.

CVE-2022-47002

2023-02-0114:15:08

Google

osv.dev

vulnerability

masa cms

authentication bypass

crafted web request

software

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.4 High

AI Score

Confidence

High

0.106 Low

EPSS

Percentile

95.1%

JSON

A vulnerability in the Remember Me function of Masa CMS v7.2, 7.3, and 7.4-beta allows attackers to bypass authentication via a crafted web request.

CPENameOperatorVersion
masacmseq7.1.275
masacmseq7.1.339
masacmseq7.1.334
masacmseq7.1.448
masacmseq7.1.218
masacmseq7.1.467
masacmseq7.1.381
masacmseq7.1.478
masacmseq7.1.183
masacmseq7.1.345

Name	Operator	Version
masacms	eq	7.1.275
masacms	eq	7.1.339
masacms	eq	7.1.334
masacms	eq	7.1.448
masacms	eq	7.1.218
masacms	eq	7.1.467
masacms	eq	7.1.381
masacms	eq	7.1.478
masacms	eq	7.1.183
masacms	eq	7.1.345

Rows per page:

1-10 of 4391

References

github.com/MasaCMS/MasaCMS/releases/tag/7.3.10

www.hoyahaxa.com/2023/01/preliminary-security-advisory.html

www.hoyahaxa.com/2023/03/authentication-bypass-mura-masa.html

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.4 High

AI Score

Confidence

High

0.106 Low

EPSS

Percentile

95.1%

JSON

Related for OSV:CVE-2022-47002