CVE-2022-34621

Опубликовано: 19 авг. 2022

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

Mealie 1.0.0beta3 was discovered to contain an Insecure Direct Object Reference (IDOR) vulnerability which allows attackers to modify user passwords and other attributes via modification of the user_id parameter.

Ссылки

https://cwe.mitre.org/data/definitions/639.html
Third Party Advisory
https://docs.mealie.io/changelog/v0.5.6/
Release Notes
Third Party Advisory
https://gainsec.com/2022/08/19/cve-2022-34615-cve-2022-34621-cve-2022-34623-cve-2022-34624/
Third Party Advisory
https://hub.docker.com/r/hkotel/mealie
Product
Third Party Advisory
https://portswigger.net/web-security/access-control/idor
Third Party Advisory
https://cwe.mitre.org/data/definitions/639.html
Third Party Advisory
https://docs.mealie.io/changelog/v0.5.6/
Release Notes
Third Party Advisory
https://gainsec.com/2022/08/19/cve-2022-34615-cve-2022-34621-cve-2022-34623-cve-2022-34624/
Third Party Advisory
https://hub.docker.com/r/hkotel/mealie
Product
Third Party Advisory
https://portswigger.net/web-security/access-control/idor
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:mealie:mealie:0.5.5:*:*:*:*:*:*:*

cpe:2.3:a:mealie:mealie:1.0.0:beta3:*:*:*:*:*:*

EPSS

Процентиль: 58%

0.00368

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-639

Связанные уязвимости

GHSA-84q6-9hr7-2jh7