CVE-2022-34624

Опубликовано: 19 авг. 2022

Источник: nvd

CVSS3: 5.9

EPSS Низкий

Описание

Mealie1.0.0beta3 does not terminate download tokens after a user logs out, allowing attackers to perform a man-in-the-middle attack via a crafted GET request.

Ссылки

http://hkotel.com
Not Applicable
URL Repurposed
http://mealie.com
Not Applicable
URL Repurposed
https://gainsec.com/2022/08/19/cve-2022-34615-cve-2022-34621-cve-2022-34623-cve-2022-34624/
Third Party Advisory
http://hkotel.com
Not Applicable
URL Repurposed
http://mealie.com
Not Applicable
URL Repurposed
https://gainsec.com/2022/08/19/cve-2022-34615-cve-2022-34621-cve-2022-34623-cve-2022-34624/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:mealie:mealie:0.5.5:*:*:*:*:*:*:*

cpe:2.3:a:mealie:mealie:1.0.0:beta3:*:*:*:*:*:*

EPSS

Процентиль: 50%

0.0027

Низкий

5.9 Medium

CVSS3

Дефекты

CWE-613

Связанные уязвимости

GHSA-vc8q-vv59-f54c