Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2025/02/05 7:37 p.m.11 views

CVE-2022-39322

@keystone-6/core is a core package for Keystone 6, a content management system for Node.js. Starting with version 2.2.0 and prior to version 2.3.1, users who expected their multiselect fields to use the field-level access control - if configured - are vulnerable to their field-level access contro...

9.8CVSS6.7AI score0.01055EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2022/10/25 12:0 a.m.8 views

CVE-2022-39322 @keystone-6/core vulnerable to field-level access-control bypass for multiselect field

@keystone-6/core is a core package for Keystone 6, a content management system for Node.js. Starting with version 2.2.0 and prior to version 2.3.1, users who expected their multiselect fields to use the field-level access control - if configured - are vulnerable to their field-level access contro...

9.1CVSS7.1AI score0.01055EPSS
Exploits1References2
Cvelist
Cvelist
added 2022/10/25 12:0 a.m.45 views

CVE-2022-39322 @keystone-6/core vulnerable to field-level access-control bypass for multiselect field

@keystone-6/core is a core package for Keystone 6, a content management system for Node.js. Starting with version 2.2.0 and prior to version 2.3.1, users who expected their multiselect fields to use the field-level access control - if configured - are vulnerable to their field-level access contro...

9.1CVSS9.7AI score0.01055EPSS
Exploits1References2
CVE
CVE
added 2022/10/25 12:0 a.m.61 views

CVE-2022-39322

The CVE-2022-39322 entry affects the Keystone 6 ecosystem: @keystone-6/core prior to version 2.3.1, specifically 2.2.0 up to 2.3.0, is vulnerable to a field-level access-control bypass for multiselect fields. The vulnerability arises because field-level access control is not applied to multiselec...

9.8CVSS9.6AI score0.01055EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder