exploitDog

CVE-2022-31164

Опубликовано: 22 июл. 2022

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

Tovy is a a staff management system for Roblox groups. A vulnerability in versions prior to 0.7.51 allows users to log in as other users, including privileged users such as the other of the instance. The problem has been patched in version 0.7.51.

Ссылки

https://github.com/tovyblox/tovy/pull/63
Patch
Third Party Advisory
https://github.com/tovyblox/tovy/security/advisories/GHSA-j6f8-wh4v-jc37
Third Party Advisory
https://github.com/tovyblox/tovy/pull/63
Patch
Third Party Advisory
https://github.com/tovyblox/tovy/security/advisories/GHSA-j6f8-wh4v-jc37
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:tovyblox:tovy:*:*:*:*:*:*:*:*

Версия до 0.7.51 (исключая)

EPSS

Процентиль: 42%

0.00204

Низкий

7.5 High

CVSS3

Дефекты

CWE-287

EPSS

Процентиль: 42%

0.00204

Низкий

7.5 High

CVSS3

Дефекты

CWE-287