exploitDog

CVE-2022-47551

Опубликовано: 20 дек. 2022

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

Apiman 1.5.7 through 2.2.3.Final has insufficient checks for read permissions within the Apiman Manager REST API. The root cause of the issue is the Apiman project's accidental acceptance of a large contribution that was not fully compatible with the security model of Apiman versions before 3.0.0.Final. Because of this, 3.0.0.Final is not affected by the vulnerability.

Ссылки

https://www.apiman.io/blog/permissions-bypass-disclosure/
Vendor Advisory
https://www.github.com/apiman/apiman
Third Party Advisory
https://www.apiman.io/blog/permissions-bypass-disclosure/
Vendor Advisory
https://www.github.com/apiman/apiman
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:apiman:apiman:*:*:*:*:*:*:*:*

Версия от 1.5.7 (включая) до 2.2.3 (включая)

EPSS

Процентиль: 19%

0.00062

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-276

CWE-276

Связанные уязвимости

GHSA-j94p-hv25-rm5g

CVSS3: 7.1

github

около 3 лет назад

Apiman has potential permissions bypass

EPSS

Процентиль: 19%

0.00062

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-276

CWE-276