CVE-2022-44216

Опубликовано: 20 фев. 2023

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

Gnuboard 5.5.4 and 5.5.5 is vulnerable to Insecure Permissions. An attacker can change password of all users without knowing victim's original password.

Ссылки

https://github.com/gnuboard/gnuboard5/commit/11718eb4c02ffdca5393bedc0300a75e4e7b19f2
Patch
https://gratis-herring-da5.notion.site/Gnuboard-Account-Takeover-version-5-5-4-5-5-5-2f69b0a21be642f58d8b7c72feea343a
Patch
Third Party Advisory
https://sir.kr/g5_pds/6400
Patch
Vendor Advisory
https://github.com/gnuboard/gnuboard5/commit/11718eb4c02ffdca5393bedc0300a75e4e7b19f2
Patch
https://gratis-herring-da5.notion.site/Gnuboard-Account-Takeover-version-5-5-4-5-5-5-2f69b0a21be642f58d8b7c72feea343a
Patch
Third Party Advisory
https://sir.kr/g5_pds/6400
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:sir:gnuboard:5.5.4:*:*:*:*:*:*:*

cpe:2.3:a:sir:gnuboard:5.5.5:*:*:*:*:*:*:*

EPSS

Процентиль: 37%

0.00158

Низкий

7.5 High

CVSS3

Дефекты

CWE-306

Связанные уязвимости

GHSA-ch8g-82wx-x73x