Lucene search
Veracode Vulnerability DatabaseVERACODE:38652HistoryDec 27, 2022 - 2:51 a.m.
Authorization Bypass
2022-12-2702:51:45
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
12
alpine
authorization bypass
executable war files
blacklisturlfilter
whitelisturlfilter
0.001 Low
EPSS
Percentile
43.5%
Alpine is vulnerable to authorization bypass.The vulnerability exists in doFilter functions of BlacklistUrlFilter.java and WhitelistUrlFilter.java allows an attacker to bypass administrative restrictions via executable WAR files.
References
github.com/stevespringett/Alpine/blob/alpine-parent-1.10.2/alpine/src/main/java/alpine/filters/BlacklistUrlFilter.java#L107-L121
github.com/stevespringett/Alpine/blob/alpine-parent-1.10.2/alpine/src/main/java/alpine/filters/WhitelistUrlFilter.java#L115-L127
github.com/stevespringett/Alpine/commit/a7432184b9137ea095799a77f9ced370553acbd7
securitylab.github.com/advisories/GHSL-2021-1009-Alpine/
Related
cve
cve
CVE-2022-23553
2022-12-28 19:15:09
cvelist
cvelist
CVE-2022-23553 URL access filters bypass in Alpine
2022-12-28 18:01:14
osv
osv
CVE-2022-23553
2022-12-28 19:15:09
prion
prion
Design/Logic Flaw
2022-12-28 19:15:00
nvd
nvd
CVE-2022-23553
2022-12-28 19:15:09