Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
veracodeVeracode Vulnerability DatabaseVERACODE:35800
HistoryJun 02, 2022 - 2:32 a.m.

Authentication Bypass

2022-06-0202:32:37
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
13
bleve
authentication bypass
vulnerability
role-based access control
rest handlers
directory manipulation

EPSS

0

Percentile

12.6%

JSON

github.com/blevesearch/bleve is vulnerable to authentication bypass. The vulnerability exists due to the missing role-based access control for rest handlers in index_create.go and index_delete.go, allowing an attacker to recursively write and delete any directory in the server by using the same account.

Related

wolfi 1
ubuntucve 1
osv 3
prion 1
cve 1
debiancve 1
nvd 1
cgr 1
github 1
cvelist 1
wolfi
wolfi
CVE-2022-31022 vulnerabilities
2024-10-01 09:27:37
ubuntucve
ubuntucve
CVE-2022-31022
2022-06-01 00:00:00
osv
osv
CVE-2022-31022
2022-06-01 20:15:08
Missing Role Based Access Control for the REST handlers in bleve/http package
2022-06-03 22:17:51
No access control in github.com/blevesearch/bleve and bleve/v2
2022-07-15 23:29:55
prion
prion
Authorization
2022-06-01 20:15:00
cve
cve
CVE-2022-31022
2022-06-01 20:15:08
debiancve
debiancve
CVE-2022-31022
2022-06-01 20:15:08
nvd
nvd
CVE-2022-31022
2022-06-01 20:15:08
cgr
cgr
CVE-2022-31022 vulnerabilities
2024-04-30 09:06:13
github
github
Missing Role Based Access Control for the REST handlers in bleve/http package
2022-06-03 22:17:51
cvelist
cvelist
CVE-2022-31022 Missing Role Based Access Control for the REST handlers in bleve/http package
2022-06-01 19:45:12

EPSS

0

Percentile

12.6%

JSON
Related for VERACODE:35800
wolfi1ubuntucve1osv3prion1cve1debiancve1nvd1cgr1github1cvelist1