CWE-863
Incorrect Authorization
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.
CVE-2022-23451 (GCVE-0-2022-23451)
Vulnerability from cvelistv5 – Published: 2022-09-06 17:18 – Updated: 2024-08-03 03:43
Summary
An authorization flaw was found in openstack-barbican. The default policy rules for the secret metadata API allowed any authenticated user to add, modify, or delete metadata from any secret regardless of ownership. This flaw allows an attacker on the network to modify or delete protected data, causing a denial of service by consuming protected resources.
Severity
No CVSS data available.
CWE
- CWE-863 - Incorrect Authorization
Assigner
redhat
References
5 references
| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=2025089 | x_refsource_MISC |
| https://bugzilla.redhat.com/show_bug.cgi?id=2022878 | x_refsource_MISC |
| https://storyboard.openstack.org/#%21/story/2009253 | x_refsource_MISC |
| https://review.opendev.org/c/openstack/barbican/+… | x_refsource_MISC |
| https://access.redhat.com/security/cve/CVE-2022-23451 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| n/a | openstack/barbican | Affected: Fixed in v14.0.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:43:46.011Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2025089"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2022878"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://storyboard.openstack.org/#%21/story/2009253"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://review.opendev.org/c/openstack/barbican/+/811236"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2022-23451"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "openstack/barbican",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Fixed in v14.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An authorization flaw was found in openstack-barbican. The default policy rules for the secret metadata API allowed any authenticated user to add, modify, or delete metadata from any secret regardless of ownership. This flaw allows an attacker on the network to modify or delete protected data, causing a denial of service by consuming protected resources."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 - Incorrect Authorization.",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-06T17:18:52.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2025089"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2022878"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://storyboard.openstack.org/#%21/story/2009253"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://review.opendev.org/c/openstack/barbican/+/811236"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/CVE-2022-23451"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2022-23451",
"datePublished": "2022-09-06T17:18:52.000Z",
"dateReserved": "2022-01-19T00:00:00.000Z",
"dateUpdated": "2024-08-03T03:43:46.011Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23452 (GCVE-0-2022-23452)
Vulnerability from cvelistv5 – Published: 2022-09-01 20:57 – Updated: 2024-08-03 03:43
Summary
An authorization flaw was found in openstack-barbican, where anyone with an admin role could add secrets to a different project container. This flaw allows an attacker on the network to consume protected resources and cause a denial of service.
Severity
No CVSS data available.
CWE
- CWE-863 - Incorrect Authorization
Assigner
redhat
References
5 references
| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=2025090 | x_refsource_MISC |
| https://bugzilla.redhat.com/show_bug.cgi?id=2022908 | x_refsource_MISC |
| https://storyboard.openstack.org/#%21/story/2009297 | x_refsource_MISC |
| https://review.opendev.org/c/openstack/barbican/+… | x_refsource_MISC |
| https://access.redhat.com/security/cve/CVE-2022-23452 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| n/a | openstack/barbican | Affected: Fixed in v14.0.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:43:45.996Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2025090"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2022908"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://storyboard.openstack.org/#%21/story/2009297"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://review.opendev.org/c/openstack/barbican/+/814200"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2022-23452"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "openstack/barbican",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Fixed in v14.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An authorization flaw was found in openstack-barbican, where anyone with an admin role could add secrets to a different project container. This flaw allows an attacker on the network to consume protected resources and cause a denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 - Incorrect Authorization.",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-01T20:57:45.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2025090"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2022908"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://storyboard.openstack.org/#%21/story/2009297"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://review.opendev.org/c/openstack/barbican/+/814200"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/CVE-2022-23452"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2022-23452",
"datePublished": "2022-09-01T20:57:45.000Z",
"dateReserved": "2022-01-19T00:00:00.000Z",
"dateUpdated": "2024-08-03T03:43:45.996Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23473 (GCVE-0-2022-23473)
Vulnerability from cvelistv5 – Published: 2022-12-13 06:46 – Updated: 2025-04-23 16:28
Title
Tuleap MediaWiki standalone "readers" can also edit pages
Summary
Tuleap is an Open Source Suite to improve management of software developments and collaboration. In versions prior to 14.2.99.148, Authorizations are not properly verified when accessing MediaWiki standalone resources. Users with read only permissions for pages are able to also edit them. This only affects the MediaWiki standalone plugin. This issue is patched in versions Tuleap Community Edition 14.2.99.148, Tuleap Enterprise Edition 14.2-5, and Tuleap Enterprise Edition 14.1-6.
Severity
4.3 (Medium)
CWE
- CWE-863 - Incorrect Authorization
Assigner
GitHub_M
References
3 references
| URL | Tags |
|---|---|
| https://github.com/Enalean/tuleap/security/adviso… | x_refsource_CONFIRM |
| https://tuleap.net/plugins/git/tuleap/tuleap/stab… | x_refsource_MISC |
| https://tuleap.net/plugins/tracker/?aid=29645 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:43:46.107Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/Enalean/tuleap/security/advisories/GHSA-c7rr-5vmc-rgcw",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/Enalean/tuleap/security/advisories/GHSA-c7rr-5vmc-rgcw"
},
{
"name": "https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit\u0026h=97cac78302170a883c1d60c9fa6dfd0d95854cb9",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit\u0026h=97cac78302170a883c1d60c9fa6dfd0d95854cb9"
},
{
"name": "https://tuleap.net/plugins/tracker/?aid=29645",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://tuleap.net/plugins/tracker/?aid=29645"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-23473",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:52:33.907917Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T16:28:41.005Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "tuleap",
"vendor": "Enalean",
"versions": [
{
"status": "affected",
"version": "\u003c 14.2.99.148"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tuleap is an Open Source Suite to improve management of software developments and collaboration. In versions prior to 14.2.99.148, Authorizations are not properly verified when accessing MediaWiki standalone resources. Users with read only permissions for pages are able to also edit them. This only affects the MediaWiki standalone plugin. This issue is patched in versions Tuleap Community Edition 14.2.99.148, Tuleap Enterprise Edition 14.2-5, and Tuleap Enterprise Edition 14.1-6."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-13T06:46:17.479Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/Enalean/tuleap/security/advisories/GHSA-c7rr-5vmc-rgcw",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Enalean/tuleap/security/advisories/GHSA-c7rr-5vmc-rgcw"
},
{
"name": "https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit\u0026h=97cac78302170a883c1d60c9fa6dfd0d95854cb9",
"tags": [
"x_refsource_MISC"
],
"url": "https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit\u0026h=97cac78302170a883c1d60c9fa6dfd0d95854cb9"
},
{
"name": "https://tuleap.net/plugins/tracker/?aid=29645",
"tags": [
"x_refsource_MISC"
],
"url": "https://tuleap.net/plugins/tracker/?aid=29645"
}
],
"source": {
"advisory": "GHSA-c7rr-5vmc-rgcw",
"discovery": "UNKNOWN"
},
"title": "Tuleap MediaWiki standalone \"readers\" can also edit pages"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-23473",
"datePublished": "2022-12-13T06:46:17.479Z",
"dateReserved": "2022-01-19T21:23:53.757Z",
"dateUpdated": "2025-04-23T16:28:41.005Z",
"requesterUserId": "c184a3d9-dc98-4c48-a45b-d2d88cf0ac74",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23490 (GCVE-0-2022-23490)
Vulnerability from cvelistv5 – Published: 2022-12-16 21:02 – Updated: 2025-04-17 14:34
Title
Improper access control to polling votes
Summary
BigBlueButton is an open source web conferencing system. Versions prior to 2.4.0 expose sensitive information to Unauthorized Actors. This issue affects meetings with polls, where the attacker is a meeting participant. Subscribing to the current-poll collection does not update the client UI, but does give the attacker access to the contents of the collection, which include the individual poll responses. This issue is patched in version 2.4.0. There are no workarounds.
Severity
4.3 (Medium)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
- CWE-863 - Incorrect Authorization
Assigner
GitHub_M
References
2 references
| URL | Tags |
|---|---|
| https://github.com/bigbluebutton/bigbluebutton/se… | x_refsource_CONFIRM |
| https://github.com/bigbluebutton/bigbluebutton/re… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| bigbluebutton | bigbluebutton | Affected: < 2.4.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:43:46.126Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/bigbluebutton/bigbluebutton/security/advisories/GHSA-4qgc-xhw5-6qfg",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/bigbluebutton/bigbluebutton/security/advisories/GHSA-4qgc-xhw5-6qfg"
},
{
"name": "https://github.com/bigbluebutton/bigbluebutton/releases/tag/v2.4.0",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/bigbluebutton/bigbluebutton/releases/tag/v2.4.0"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-23490",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-17T14:34:50.857046Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-17T14:34:58.102Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "bigbluebutton",
"vendor": "bigbluebutton",
"versions": [
{
"status": "affected",
"version": "\u003c 2.4.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "BigBlueButton is an open source web conferencing system. Versions prior to 2.4.0 expose sensitive information to Unauthorized Actors. This issue affects meetings with polls, where the attacker is a meeting participant. Subscribing to the current-poll collection does not update the client UI, but does give the attacker access to the contents of the collection, which include the individual poll responses. This issue is patched in version 2.4.0. There are no workarounds.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-16T21:02:30.109Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/bigbluebutton/bigbluebutton/security/advisories/GHSA-4qgc-xhw5-6qfg",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/bigbluebutton/bigbluebutton/security/advisories/GHSA-4qgc-xhw5-6qfg"
},
{
"name": "https://github.com/bigbluebutton/bigbluebutton/releases/tag/v2.4.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/bigbluebutton/bigbluebutton/releases/tag/v2.4.0"
}
],
"source": {
"advisory": "GHSA-4qgc-xhw5-6qfg",
"discovery": "UNKNOWN"
},
"title": "Improper access control to polling votes"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-23490",
"datePublished": "2022-12-16T21:02:30.109Z",
"dateReserved": "2022-01-19T21:23:53.762Z",
"dateUpdated": "2025-04-17T14:34:58.102Z",
"requesterUserId": "c184a3d9-dc98-4c48-a45b-d2d88cf0ac74",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23551 (GCVE-0-2022-23551)
Vulnerability from cvelistv5 – Published: 2022-12-21 19:50 – Updated: 2025-04-15 18:10
Title
AAD Pod Identity obtaining token with backslash
Summary
aad-pod-identity assigns Azure Active Directory identities to Kubernetes applications and has now been deprecated as of 24 October 2022. The NMI component in AAD Pod Identity intercepts and validates token requests based on regex. In this case, a token request made with backslash in the request (example: `/metadata/identity\oauth2\token/`) would bypass the NMI validation and be sent to IMDS allowing a pod in the cluster to access identities that it shouldn't have access to. This issue has been fixed and has been included in AAD Pod Identity release version 1.8.13. If using the AKS pod-managed identities add-on, no action is required. The clusters should now be running the version 1.8.13 release.
Severity
5.3 (Medium)
CWE
- CWE-1259 - Improper Restriction of Security Token Assignment
- CWE-863 - Incorrect Authorization
Assigner
GitHub_M
References
3 references
| URL | Tags |
|---|---|
| https://github.com/Azure/aad-pod-identity/securit… | x_refsource_CONFIRM |
| https://github.com/Azure/aad-pod-identity/commit/… | x_refsource_MISC |
| https://github.com/Azure/aad-pod-identity/release… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| Azure | aad-pod-identity | Affected: < 1.8.13 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:43:46.448Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/Azure/aad-pod-identity/security/advisories/GHSA-p82q-rxpm-hjpc",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/Azure/aad-pod-identity/security/advisories/GHSA-p82q-rxpm-hjpc"
},
{
"name": "https://github.com/Azure/aad-pod-identity/commit/7e01970391bde6c360d077066ca17d059204cb5d",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Azure/aad-pod-identity/commit/7e01970391bde6c360d077066ca17d059204cb5d"
},
{
"name": "https://github.com/Azure/aad-pod-identity/releases/tag/v1.8.13",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Azure/aad-pod-identity/releases/tag/v1.8.13"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-23551",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-15T18:10:00.841172Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T18:10:15.229Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "aad-pod-identity",
"vendor": "Azure",
"versions": [
{
"status": "affected",
"version": "\u003c 1.8.13"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "aad-pod-identity assigns Azure Active Directory identities to Kubernetes applications and has now been deprecated as of 24 October 2022. The NMI component in AAD Pod Identity intercepts and validates token requests based on regex. In this case, a token request made with backslash in the request (example: `/metadata/identity\\oauth2\\token/`) would bypass the NMI validation and be sent to IMDS allowing a pod in the cluster to access identities that it shouldn\u0027t have access to. This issue has been fixed and has been included in AAD Pod Identity release version 1.8.13. If using the AKS pod-managed identities add-on, no action is required. The clusters should now be running the version 1.8.13 release."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1259",
"description": "CWE-1259: Improper Restriction of Security Token Assignment",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-21T19:50:15.247Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/Azure/aad-pod-identity/security/advisories/GHSA-p82q-rxpm-hjpc",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Azure/aad-pod-identity/security/advisories/GHSA-p82q-rxpm-hjpc"
},
{
"name": "https://github.com/Azure/aad-pod-identity/commit/7e01970391bde6c360d077066ca17d059204cb5d",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Azure/aad-pod-identity/commit/7e01970391bde6c360d077066ca17d059204cb5d"
},
{
"name": "https://github.com/Azure/aad-pod-identity/releases/tag/v1.8.13",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Azure/aad-pod-identity/releases/tag/v1.8.13"
}
],
"source": {
"advisory": "GHSA-p82q-rxpm-hjpc",
"discovery": "UNKNOWN"
},
"title": "AAD Pod Identity obtaining token with backslash"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-23551",
"datePublished": "2022-12-21T19:50:15.247Z",
"dateReserved": "2022-01-19T21:23:53.801Z",
"dateUpdated": "2025-04-15T18:10:15.229Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23553 (GCVE-0-2022-23553)
Vulnerability from cvelistv5 – Published: 2022-12-28 18:01 – Updated: 2025-04-10 20:29
Title
URL access filters bypass in Alpine
Summary
Alpine is a scaffolding library in Java. Alpine prior to version 1.10.4 allows URL access filter bypass. This issue has been fixed in version 1.10.4. There are no known workarounds.
Severity
7.5 (High)
CWE
- CWE-863 - Incorrect Authorization
Assigner
GitHub_M
References
3 references
| URL | Tags |
|---|---|
| https://securitylab.github.com/advisories/GHSL-20… | x_refsource_CONFIRM |
| https://github.com/stevespringett/Alpine/blob/alp… | x_refsource_MISC |
| https://github.com/stevespringett/Alpine/blob/alp… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| stevespringett | alpine | Affected: < 1.10.4 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:43:46.508Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://securitylab.github.com/advisories/GHSL-2021-1009-Alpine/",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://securitylab.github.com/advisories/GHSL-2021-1009-Alpine/"
},
{
"name": "https://github.com/stevespringett/Alpine/blob/alpine-parent-1.10.2/alpine/src/main/java/alpine/filters/BlacklistUrlFilter.java#L107-L121",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/stevespringett/Alpine/blob/alpine-parent-1.10.2/alpine/src/main/java/alpine/filters/BlacklistUrlFilter.java#L107-L121"
},
{
"name": "https://github.com/stevespringett/Alpine/blob/alpine-parent-1.10.2/alpine/src/main/java/alpine/filters/WhitelistUrlFilter.java#L115-L127",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/stevespringett/Alpine/blob/alpine-parent-1.10.2/alpine/src/main/java/alpine/filters/WhitelistUrlFilter.java#L115-L127"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-23553",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-10T20:28:15.328236Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-10T20:29:58.561Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "alpine",
"vendor": "stevespringett",
"versions": [
{
"status": "affected",
"version": "\u003c 1.10.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Alpine is a scaffolding library in Java. Alpine prior to version 1.10.4 allows URL access filter bypass. This issue has been fixed in version 1.10.4. There are no known workarounds."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-28T18:01:14.741Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://securitylab.github.com/advisories/GHSL-2021-1009-Alpine/",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://securitylab.github.com/advisories/GHSL-2021-1009-Alpine/"
},
{
"name": "https://github.com/stevespringett/Alpine/blob/alpine-parent-1.10.2/alpine/src/main/java/alpine/filters/BlacklistUrlFilter.java#L107-L121",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/stevespringett/Alpine/blob/alpine-parent-1.10.2/alpine/src/main/java/alpine/filters/BlacklistUrlFilter.java#L107-L121"
},
{
"name": "https://github.com/stevespringett/Alpine/blob/alpine-parent-1.10.2/alpine/src/main/java/alpine/filters/WhitelistUrlFilter.java#L115-L127",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/stevespringett/Alpine/blob/alpine-parent-1.10.2/alpine/src/main/java/alpine/filters/WhitelistUrlFilter.java#L115-L127"
}
],
"source": {
"advisory": "GHSA-2w4p-2hf7-gh8x",
"discovery": "UNKNOWN"
},
"title": "URL access filters bypass in Alpine"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-23553",
"datePublished": "2022-12-28T18:01:14.741Z",
"dateReserved": "2022-01-19T21:23:53.801Z",
"dateUpdated": "2025-04-10T20:29:58.561Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23615 (GCVE-0-2022-23615)
Vulnerability from cvelistv5 – Published: 2022-02-09 20:35 – Updated: 2025-04-23 19:06
Title
Partial authorization bypass on document save in xwiki-platform
Summary
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions any user with SCRIPT right can save a document with the right of the current user which allow accessing API requiring programming right if the current user has programming right. This has been patched in XWiki 13.0. Users are advised to update to resolve this issue. The only known workaround is to limit SCRIPT access.
Severity
5.4 (Medium)
CWE
- CWE-863 - Incorrect Authorization
Assigner
GitHub_M
References
3 references
| URL | Tags |
|---|---|
| https://github.com/xwiki/xwiki-platform/security/… | x_refsource_CONFIRM |
| https://github.com/xwiki/xwiki-platform/commit/7a… | x_refsource_MISC |
| https://jira.xwiki.org/browse/XWIKI-5024 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| xwiki | xwiki-platform | Affected: >= 1.0, < 13.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:43:46.758Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-f4cj-3q3h-884r"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/xwiki/xwiki-platform/commit/7ab0fe7b96809c7a3881454147598d46a1c9bbbe"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jira.xwiki.org/browse/XWIKI-5024"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-23615",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T14:10:53.325065Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T19:06:26.952Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "xwiki-platform",
"vendor": "xwiki",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.0, \u003c 13.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions any user with SCRIPT right can save a document with the right of the current user which allow accessing API requiring programming right if the current user has programming right. This has been patched in XWiki 13.0. Users are advised to update to resolve this issue. The only known workaround is to limit SCRIPT access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-09T20:35:11.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-f4cj-3q3h-884r"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/xwiki/xwiki-platform/commit/7ab0fe7b96809c7a3881454147598d46a1c9bbbe"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jira.xwiki.org/browse/XWIKI-5024"
}
],
"source": {
"advisory": "GHSA-f4cj-3q3h-884r",
"discovery": "UNKNOWN"
},
"title": "Partial authorization bypass on document save in xwiki-platform",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-23615",
"STATE": "PUBLIC",
"TITLE": "Partial authorization bypass on document save in xwiki-platform"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "xwiki-platform",
"version": {
"version_data": [
{
"version_value": "\u003e= 1.0, \u003c 13.0"
}
]
}
}
]
},
"vendor_name": "xwiki"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions any user with SCRIPT right can save a document with the right of the current user which allow accessing API requiring programming right if the current user has programming right. This has been patched in XWiki 13.0. Users are advised to update to resolve this issue. The only known workaround is to limit SCRIPT access."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863: Incorrect Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-f4cj-3q3h-884r",
"refsource": "CONFIRM",
"url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-f4cj-3q3h-884r"
},
{
"name": "https://github.com/xwiki/xwiki-platform/commit/7ab0fe7b96809c7a3881454147598d46a1c9bbbe",
"refsource": "MISC",
"url": "https://github.com/xwiki/xwiki-platform/commit/7ab0fe7b96809c7a3881454147598d46a1c9bbbe"
},
{
"name": "https://jira.xwiki.org/browse/XWIKI-5024",
"refsource": "MISC",
"url": "https://jira.xwiki.org/browse/XWIKI-5024"
}
]
},
"source": {
"advisory": "GHSA-f4cj-3q3h-884r",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-23615",
"datePublished": "2022-02-09T20:35:11.000Z",
"dateReserved": "2022-01-19T00:00:00.000Z",
"dateUpdated": "2025-04-23T19:06:26.952Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23627 (GCVE-0-2022-23627)
Vulnerability from cvelistv5 – Published: 2022-02-08 22:30 – Updated: 2025-04-23 19:06
Title
Inadequate access verification when using proxy commands in ArchiSteamFarm
Summary
ArchiSteamFarm (ASF) is a C# application with primary purpose of idling Steam cards from multiple accounts simultaneously. Due to a bug in ASF code, introduced in version V5.2.2.2, the program didn't adequately verify effective access of the user sending proxy (i.e. `[Bots]`) commands. In particular, a proxy-like command sent to bot `A` targeting bot `B` has incorrectly verified user's access against bot `A` - instead of bot `B`, to which the command was originally designated. This in result allowed access to resources beyond those configured, being a security threat affecting confidentiality of other bot instances. A successful attack exploiting this bug requires a significant access granted explicitly by original owner of the ASF process prior to that, as attacker has to control at least a single bot in the process to make use of this inadequate access verification loophole. The issue is patched in ASF V5.2.2.5, V5.2.3.2 and future versions. Users are advised to update as soon as possible.
Severity
5 (Medium)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://github.com/JustArchiNET/ArchiSteamFarm/se… | x_refsource_CONFIRM |
| https://github.com/JustArchiNET/ArchiSteamFarm/pu… | x_refsource_MISC |
| https://github.com/JustArchiNET/ArchiSteamFarm/pu… | x_refsource_MISC |
| https://github.com/JustArchiNET/ArchiSteamFarm/co… | x_refsource_MISC |
| https://github.com/JustArchiNET/ArchiSteamFarm/co… | x_refsource_MISC |
| https://github.com/JustArchiNET/ArchiSteamFarm/re… | x_refsource_MISC |
| https://github.com/JustArchiNET/ArchiSteamFarm/re… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| JustArchiNET | ArchiSteamFarm | Affected: >= 5.2.2.2, < 5.2.2.5; Affected: >= 5.2.3.0, < 5.2.3.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:51:44.203Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/JustArchiNET/ArchiSteamFarm/security/advisories/GHSA-88ch-366c-5m89"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/JustArchiNET/ArchiSteamFarm/pull/2501"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/JustArchiNET/ArchiSteamFarm/pull/2509"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/JustArchiNET/ArchiSteamFarm/commit/7a29d9282bdc3280db2a379c24f73916d786f9b4"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/JustArchiNET/ArchiSteamFarm/commit/f807bdb660e75dee5a34994f2ea70970ca6d0492"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/JustArchiNET/ArchiSteamFarm/releases/tag/5.2.2.5"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/JustArchiNET/ArchiSteamFarm/releases/tag/5.2.3.2"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-23627",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T14:10:57.117039Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T19:06:32.535Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ArchiSteamFarm",
"vendor": "JustArchiNET",
"versions": [
{
"status": "affected",
"version": "\u003e= 5.2.2.2, \u003c 5.2.2.5"
},
{
"status": "affected",
"version": "\u003e= 5.2.3.0, \u003c 5.2.3.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ArchiSteamFarm (ASF) is a C# application with primary purpose of idling Steam cards from multiple accounts simultaneously. Due to a bug in ASF code, introduced in version V5.2.2.2, the program didn\u0027t adequately verify effective access of the user sending proxy (i.e. `[Bots]`) commands. In particular, a proxy-like command sent to bot `A` targeting bot `B` has incorrectly verified user\u0027s access against bot `A` - instead of bot `B`, to which the command was originally designated. This in result allowed access to resources beyond those configured, being a security threat affecting confidentiality of other bot instances. A successful attack exploiting this bug requires a significant access granted explicitly by original owner of the ASF process prior to that, as attacker has to control at least a single bot in the process to make use of this inadequate access verification loophole. The issue is patched in ASF V5.2.2.5, V5.2.3.2 and future versions. Users are advised to update as soon as possible."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-08T22:30:13.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/JustArchiNET/ArchiSteamFarm/security/advisories/GHSA-88ch-366c-5m89"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/JustArchiNET/ArchiSteamFarm/pull/2501"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/JustArchiNET/ArchiSteamFarm/pull/2509"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/JustArchiNET/ArchiSteamFarm/commit/7a29d9282bdc3280db2a379c24f73916d786f9b4"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/JustArchiNET/ArchiSteamFarm/commit/f807bdb660e75dee5a34994f2ea70970ca6d0492"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/JustArchiNET/ArchiSteamFarm/releases/tag/5.2.2.5"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/JustArchiNET/ArchiSteamFarm/releases/tag/5.2.3.2"
}
],
"source": {
"advisory": "GHSA-88ch-366c-5m89",
"discovery": "UNKNOWN"
},
"title": "Inadequate access verification when using proxy commands in ArchiSteamFarm ",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-23627",
"STATE": "PUBLIC",
"TITLE": "Inadequate access verification when using proxy commands in ArchiSteamFarm "
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ArchiSteamFarm",
"version": {
"version_data": [
{
"version_value": "\u003e= 5.2.2.2, \u003c 5.2.2.5"
},
{
"version_value": "\u003e= 5.2.3.0, \u003c 5.2.3.2"
}
]
}
}
]
},
"vendor_name": "JustArchiNET"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ArchiSteamFarm (ASF) is a C# application with primary purpose of idling Steam cards from multiple accounts simultaneously. Due to a bug in ASF code, introduced in version V5.2.2.2, the program didn\u0027t adequately verify effective access of the user sending proxy (i.e. `[Bots]`) commands. In particular, a proxy-like command sent to bot `A` targeting bot `B` has incorrectly verified user\u0027s access against bot `A` - instead of bot `B`, to which the command was originally designated. This in result allowed access to resources beyond those configured, being a security threat affecting confidentiality of other bot instances. A successful attack exploiting this bug requires a significant access granted explicitly by original owner of the ASF process prior to that, as attacker has to control at least a single bot in the process to make use of this inadequate access verification loophole. The issue is patched in ASF V5.2.2.5, V5.2.3.2 and future versions. Users are advised to update as soon as possible."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863: Incorrect Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/JustArchiNET/ArchiSteamFarm/security/advisories/GHSA-88ch-366c-5m89",
"refsource": "CONFIRM",
"url": "https://github.com/JustArchiNET/ArchiSteamFarm/security/advisories/GHSA-88ch-366c-5m89"
},
{
"name": "https://github.com/JustArchiNET/ArchiSteamFarm/pull/2501",
"refsource": "MISC",
"url": "https://github.com/JustArchiNET/ArchiSteamFarm/pull/2501"
},
{
"name": "https://github.com/JustArchiNET/ArchiSteamFarm/pull/2509",
"refsource": "MISC",
"url": "https://github.com/JustArchiNET/ArchiSteamFarm/pull/2509"
},
{
"name": "https://github.com/JustArchiNET/ArchiSteamFarm/commit/7a29d9282bdc3280db2a379c24f73916d786f9b4",
"refsource": "MISC",
"url": "https://github.com/JustArchiNET/ArchiSteamFarm/commit/7a29d9282bdc3280db2a379c24f73916d786f9b4"
},
{
"name": "https://github.com/JustArchiNET/ArchiSteamFarm/commit/f807bdb660e75dee5a34994f2ea70970ca6d0492",
"refsource": "MISC",
"url": "https://github.com/JustArchiNET/ArchiSteamFarm/commit/f807bdb660e75dee5a34994f2ea70970ca6d0492"
},
{
"name": "https://github.com/JustArchiNET/ArchiSteamFarm/releases/tag/5.2.2.5",
"refsource": "MISC",
"url": "https://github.com/JustArchiNET/ArchiSteamFarm/releases/tag/5.2.2.5"
},
{
"name": "https://github.com/JustArchiNET/ArchiSteamFarm/releases/tag/5.2.3.2",
"refsource": "MISC",
"url": "https://github.com/JustArchiNET/ArchiSteamFarm/releases/tag/5.2.3.2"
}
]
},
"source": {
"advisory": "GHSA-88ch-366c-5m89",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-23627",
"datePublished": "2022-02-08T22:30:13.000Z",
"dateReserved": "2022-01-19T00:00:00.000Z",
"dateUpdated": "2025-04-23T19:06:32.535Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23739 (GCVE-0-2022-23739)
Vulnerability from cvelistv5 – Published: 2023-01-17 00:00 – Updated: 2025-04-08 20:17
Title
Incorrect authorization check in GitHub Enterprise Server leading to escalation of privileges in GraphQL API requests from GitHub Apps using scoped user-to-server tokens
Summary
An incorrect authorization vulnerability was identified in GitHub Enterprise Server, allowing for escalation of privileges in GraphQL API requests from GitHub Apps. This vulnerability allowed an app installed on an organization to gain access to and modify most organization-level resources that are not tied to a repository regardless of granted permissions, such as users and organization-wide projects. Resources associated with repositories were not impacted, such as repository file content, repository-specific projects, issues, or pull requests. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.7.1 and was fixed in versions 3.3.16, 3.4.11, 3.5.8, 3.6.4, 3.7.1. This vulnerability was reported via the GitHub Bug Bounty program.
Severity
9.8 (Critical)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://docs.github.com/en/enterprise-server%403.7/admin/release-notes#3.7.1 | |
| https://docs.github.com/en/enterprise-server%403.3/admin/release-notes#3.3.16 | |
| https://docs.github.com/en/enterprise-server%403.4/admin/release-notes#3.4.11 | |
| https://docs.github.com/en/enterprise-server%403.5/admin/release-notes#3.5.8 | |
| https://docs.github.com/en/enterprise-server%403.6/admin/release-notes#3.6.4 | |
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| GitHub | GitHub Enterprise Server | Affected: 3.3, < 3.3.16 (custom); Affected: 3.4, < 3.4.11 (custom); Affected: 3.5, < 3.5.8 (custom); Affected: 3.6, < 3.6.4 (custom); Affected: 3.7, < 3.7.1 (custom) |
Credits
- ahacker1
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:51:46.013Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server%403.7/admin/release-notes#3.7.1"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server%403.3/admin/release-notes#3.3.16"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server%403.4/admin/release-notes#3.4.11"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server%403.5/admin/release-notes#3.5.8"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server%403.6/admin/release-notes#3.6.4"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-23739",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-08T20:17:06.359795Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-08T20:17:33.773Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "GitHub Enterprise Server",
"vendor": "GitHub",
"versions": [
{
"lessThan": "3.3.16",
"status": "affected",
"version": "3.3",
"versionType": "custom"
},
{
"lessThan": "3.4.11",
"status": "affected",
"version": "3.4",
"versionType": "custom"
},
{
"lessThan": "3.5.8",
"status": "affected",
"version": "3.5",
"versionType": "custom"
},
{
"lessThan": "3.6.4",
"status": "affected",
"version": "3.6",
"versionType": "custom"
},
{
"lessThan": "3.7.1",
"status": "affected",
"version": "3.7",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "ahacker1"
}
],
"descriptions": [
{
"lang": "en",
"value": "An incorrect authorization vulnerability was identified in GitHub Enterprise Server, allowing for escalation of privileges in GraphQL API requests from GitHub Apps. This vulnerability allowed an app installed on an organization to gain access to and modify most organization-level resources that are not tied to a repository regardless of granted permissions, such as users and organization-wide projects. Resources associated with repositories were not impacted, such as repository file content, repository-specific projects, issues, or pull requests. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.7.1 and was fixed in versions 3.3.16, 3.4.11, 3.5.8, 3.6.4, 3.7.1. This vulnerability was reported via the GitHub Bug Bounty program."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-17T00:00:00.000Z",
"orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"shortName": "GitHub_P"
},
"references": [
{
"url": "https://docs.github.com/en/enterprise-server%403.7/admin/release-notes#3.7.1"
},
{
"url": "https://docs.github.com/en/enterprise-server%403.3/admin/release-notes#3.3.16"
},
{
"url": "https://docs.github.com/en/enterprise-server%403.4/admin/release-notes#3.4.11"
},
{
"url": "https://docs.github.com/en/enterprise-server%403.5/admin/release-notes#3.5.8"
},
{
"url": "https://docs.github.com/en/enterprise-server%403.6/admin/release-notes#3.6.4"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Incorrect authorization check in GitHub Enterprise Server leading to escalation of privileges in GraphQL API requests from GitHub Apps using scoped user-to-server tokens"
}
},
"cveMetadata": {
"assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"assignerShortName": "GitHub_P",
"cveId": "CVE-2022-23739",
"datePublished": "2023-01-17T00:00:00.000Z",
"dateReserved": "2022-01-19T00:00:00.000Z",
"dateUpdated": "2025-04-08T20:17:33.773Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23741 (GCVE-0-2022-23741)
Vulnerability from cvelistv5 – Published: 2022-12-14 00:00 – Updated: 2025-04-22 16:09
Title
Incorrect authorization in GitHub Enterprise Server token generation leading to full admin access
Summary
An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed a scoped user-to-server token to escalate to full admin/owner privileges. An attacker would require an account with admin access to install a malicious GitHub App. This vulnerability was fixed in versions 3.3.17, 3.4.12, 3.5.9, and 3.6.5. This vulnerability was reported via the GitHub Bug Bounty program.
Severity
7.2 (High)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://docs.github.com/en/enterprise-server%403.3/admin/release-notes#3.3.17 | |
| https://docs.github.com/en/enterprise-server%403.4/admin/release-notes#3.4.12 | |
| https://docs.github.com/en/enterprise-server%403.5/admin/release-notes#3.5.9 | |
| https://docs.github.com/en/enterprise-server%403.6/admin/release-notes#3.6.5 | |
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| GitHub | GitHub Enterprise Server | Affected: 3.3, < 3.3.17 (custom); Affected: 3.4, < 3.4.12 (custom); Affected: 3.5, < 3.5.9 (custom); Affected: 3.6, < 3.6.5 (custom) |
Credits
- Vaibhav Singh (@vaib25vicky)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:51:46.025Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server%403.3/admin/release-notes#3.3.17"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server%403.4/admin/release-notes#3.4.12"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server%403.5/admin/release-notes#3.5.9"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server%403.6/admin/release-notes#3.6.5"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-23741",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-22T16:08:17.519153Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-22T16:09:01.149Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "GitHub Enterprise Server",
"vendor": "GitHub",
"versions": [
{
"lessThan": "3.3.17",
"status": "affected",
"version": "3.3",
"versionType": "custom"
},
{
"lessThan": "3.4.12",
"status": "affected",
"version": "3.4",
"versionType": "custom"
},
{
"lessThan": "3.5.9",
"status": "affected",
"version": "3.5",
"versionType": "custom"
},
{
"lessThan": "3.6.5",
"status": "affected",
"version": "3.6",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Vaibhav Singh (@vaib25vicky)"
}
],
"descriptions": [
{
"lang": "en",
"value": "An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed a scoped user-to-server token to escalate to full admin/owner privileges. An attacker would require an account with admin access to install a malicious GitHub App. This vulnerability was fixed in versions 3.3.17, 3.4.12, 3.5.9, and 3.6.5. This vulnerability was reported via the GitHub Bug Bounty program."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-14T00:00:00.000Z",
"orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"shortName": "GitHub_P"
},
"references": [
{
"url": "https://docs.github.com/en/enterprise-server%403.3/admin/release-notes#3.3.17"
},
{
"url": "https://docs.github.com/en/enterprise-server%403.4/admin/release-notes#3.4.12"
},
{
"url": "https://docs.github.com/en/enterprise-server%403.5/admin/release-notes#3.5.9"
},
{
"url": "https://docs.github.com/en/enterprise-server%403.6/admin/release-notes#3.6.5"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Incorrect authorization in GitHub Enterprise Server token generation leading to full admin access"
}
},
"cveMetadata": {
"assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"assignerShortName": "GitHub_P",
"cveId": "CVE-2022-23741",
"datePublished": "2022-12-14T00:00:00.000Z",
"dateReserved": "2022-01-19T00:00:00.000Z",
"dateUpdated": "2025-04-22T16:09:01.149Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
Phase: Architecture and Design
Description:
- Divide the product into anonymous, normal, privileged, and administrative areas. Reduce the attack surface by carefully mapping roles with data and functionality. Use role-based access control (RBAC) [REF-229] to enforce the roles at the appropriate boundaries.
- Note that this approach may not protect against horizontal authorization, i.e., it will not protect a user from attacking others with the same role.
Mitigation
Phase: Architecture and Design
Description:
- Ensure that access control checks are performed related to the business logic. These checks may be different than the access control checks that are applied to more generic resources such as files, connections, processes, memory, and database records. For example, a database may restrict access for medical records to a specific database user, but each record might only be intended to be accessible to the patient and the patient's doctor [REF-7].
Mitigation ID: MIT-4.4
Phase: Architecture and Design
Strategy: Libraries or Frameworks
Description:
- Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
- For example, consider using authorization frameworks such as the JAAS Authorization Framework [REF-233] and the OWASP ESAPI Access Control feature [REF-45].
Mitigation
Phase: Architecture and Design
Description:
- For web applications, make sure that the access control mechanism is enforced correctly at the server side on every page. Users should not be able to access any unauthorized functionality or information by simply requesting direct access to that page.
- One way to do this is to ensure that all pages containing sensitive information are not cached, and that all such pages restrict access to requests that are accompanied by an active and authenticated session token associated with a user who has the required permissions to access that page.
Mitigation
Phases: System Configuration, Installation
Description:
- Use the access control capabilities of your operating system and server environment and define your access control lists accordingly. Use a "default deny" policy when defining these ACLs.
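The following is an added example, not code from ArchiSteamFarm, GitHub, MITRE or any of the records above. It models the CWE-863 shape described in the CVE-2022-23627 summary (a proxied command authorized against the instance that received it rather than the instance it targets) together with the mitigations listed here: a role table consulted with a default-deny rule, applied to the specific object being acted on so that horizontal access between instances is also caught. The instance names, roles, actions and grant tables are invented for illustration.

```python
# Added example, not code from ArchiSteamFarm, GitHub or MITRE. Instance names,
# roles, actions and grants are constructed sample data.
from dataclasses import dataclass, field
from enum import IntEnum


class Role(IntEnum):
    """Roles ordered by privilege; a higher role satisfies a lower requirement."""
    NONE = 0
    USER = 1
    OPERATOR = 2
    OWNER = 3


@dataclass
class Instance:
    """One managed instance (a 'bot' in the ASF case) with its own grant table."""
    name: str
    secret: str
    grants: dict = field(default_factory=dict)  # user -> Role, per instance


# Minimum role each action needs. Actions missing from this table are denied
# (default deny), so a newly added command cannot silently become world-accessible.
REQUIRED_ROLE = {
    "status": Role.USER,
    "read_secret": Role.OPERATOR,
    "shutdown": Role.OWNER,
}


def effective_role(instance: Instance, user: str) -> Role:
    """Role the user holds on this particular instance, NONE if not granted."""
    return instance.grants.get(user, Role.NONE)


def is_authorized(instance: Instance, user: str, action: str) -> bool:
    """Role-based check scoped to one object: unknown actions are denied."""
    required = REQUIRED_ROLE.get(action)
    if required is None:
        return False
    return effective_role(instance, user) >= required


def perform(instance: Instance, action: str) -> str:
    """Executes an already-authorized action; never call without a check."""
    if action == "read_secret":
        return instance.secret
    if action == "status":
        return f"{instance.name}: ok"
    return f"{instance.name}: stopped"


def proxy_vulnerable(registry, receiver, user, action, target):
    """BUG: authorizes against the receiving instance, then acts on the target.
    A user who controls one instance can reach every other instance."""
    if not is_authorized(registry[receiver], user, action):
        return "denied"
    return perform(registry[target], action)


def proxy_fixed(registry, receiver, user, action, target):
    """Authorizes against the instance the command is designated for.
    The receiving instance plays no part in the decision."""
    instance = registry.get(target)  # 'receiver' is intentionally unused here
    if instance is None or not is_authorized(instance, user, action):
        return "denied"
    return perform(instance, action)


def build_registry():
    """Constructed sample data: alice owns A only, bob owns B only."""
    return {
        "A": Instance("A", "secret-of-A", {"alice": Role.OWNER}),
        "B": Instance("B", "secret-of-B", {"bob": Role.OWNER}),
    }


def demo():
    """Runs both paths on the same requests and returns their outcomes."""
    reg = build_registry()
    return {
        # alice sends "[B] read_secret" to A: the buggy path leaks B's secret
        "vuln_cross_instance": proxy_vulnerable(reg, "A", "alice", "read_secret", "B"),
        "fixed_cross_instance": proxy_fixed(reg, "A", "alice", "read_secret", "B"),
        # the legitimate owner of B still succeeds through the fixed path
        "fixed_owner": proxy_fixed(reg, "A", "bob", "read_secret", "B"),
        # an unlisted action and an unknown target both fall to default deny
        "fixed_unknown_action": proxy_fixed(reg, "A", "bob", "reboot", "B"),
        "fixed_unknown_target": proxy_fixed(reg, "A", "bob", "status", "C"),
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The point of the split between `is_authorized` and `perform` is that the object passed to the check must be the same object passed to the action; the vulnerable path breaks that invariant by checking one instance and acting on another. Keeping the action table explicit, with absence meaning deny, is the "default deny" ACL advice from the last mitigation applied at the application layer.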
No CAPEC attack patterns related to this CWE.