Search

Find a vulnerability

Search criteria

    Related vulnerabilities

    GSD-2022-0126

    Vulnerability from gsd - Updated: 2023-12-13 01:19
    Details
    ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
    Aliases
    Aliases

    {
      "GSD": {
        "alias": "CVE-2022-0126",
        "id": "GSD-2022-0126"
      },
      "gsd": {
        "metadata": {
          "exploitCode": "unknown",
          "remediation": "unknown",
          "reportConfidence": "confirmed",
          "type": "vulnerability"
        },
        "osvSchema": {
          "aliases": [
            "CVE-2022-0126"
          ],
          "id": "GSD-2022-0126",
          "modified": "2023-12-13T01:19:11.216553Z",
          "schema_version": "1.4.0"
        }
      },
      "namespaces": {
        "cve.org": {
          "CVE_data_meta": {
            "ASSIGNER": "cve@mitre.org",
            "ID": "CVE-2022-0126",
            "STATE": "RESERVED"
          },
          "data_format": "MITRE",
          "data_type": "CVE",
          "data_version": "4.0",
          "description": {
            "description_data": [
              {
                "lang": "eng",
                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
              }
            ]
          }
        }
      }
    }

    GSD-2022-0821

    Vulnerability from gsd - Updated: 2023-12-13 01:19
    Details
    Improper Authorization in GitHub repository orchardcms/orchardcore prior to 1.3.0.
    Aliases
    Aliases

    {
      "GSD": {
        "alias": "CVE-2022-0126",
        "description": "According to huntr.dev 0019eb1c-8bf9-4bd0-a27f-aadc173515cb\n\n# Improper Authorization in orchardcms/orchardcore\n\n## Description\n\nA low-privilege user (I tested it with Editor priv user) can create any role in the application.\n\n## Proof of Concept\n\nMake a POST request to /Admin/Roles/Create using low-priv user\u0027s cookie and __RequestVerificationToken\n\nA new role will be created with the specified name.\n\n## Impact\n\nA low-priv user can create a number of roles which breaks the authorization principle of this application.\n\n## Occurrences\n\nAdminController.cs L73-L123\n\n",
        "id": "GSD-2022-0126"
      },
      "gsd": {
        "metadata": {
          "exploitCode": "unknown",
          "remediation": "unknown",
          "reportConfidence": "confirmed",
          "type": "vulnerability"
        },
        "osvSchema": {
          "aliases": [
            "CVE-2022-0821"
          ],
          "details": "Improper Authorization in GitHub repository orchardcms/orchardcore prior to 1.3.0.",
          "id": "GSD-2022-0821",
          "modified": "2023-12-13T01:19:11.126409Z",
          "schema_version": "1.4.0"
        }
      },
      "namespaces": {
        "cve.org": {
          "CVE_data_meta": {
            "ASSIGNER": "security@huntr.dev",
            "ID": "CVE-2022-0821",
            "STATE": "PUBLIC",
            "TITLE": "Improper Authorization in orchardcms/orchardcore"
          },
          "affects": {
            "vendor": {
              "vendor_data": [
                {
                  "product": {
                    "product_data": [
                      {
                        "product_name": "orchardcms/orchardcore",
                        "version": {
                          "version_data": [
                            {
                              "version_affected": "\u003c",
                              "version_value": "1.3.0"
                            }
                          ]
                        }
                      }
                    ]
                  },
                  "vendor_name": "orchardcms"
                }
              ]
            }
          },
          "data_format": "MITRE",
          "data_type": "CVE",
          "data_version": "4.0",
          "description": {
            "description_data": [
              {
                "lang": "eng",
                "value": "Improper Authorization in GitHub repository orchardcms/orchardcore prior to 1.3.0."
              }
            ]
          },
          "impact": {
            "cvss": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 7.1,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "LOW",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N",
              "version": "3.0"
            }
          },
          "problemtype": {
            "problemtype_data": [
              {
                "description": [
                  {
                    "lang": "eng",
                    "value": "CWE-285 Improper Authorization"
                  }
                ]
              }
            ]
          },
          "references": {
            "reference_data": [
              {
                "name": "https://github.com/orchardcms/orchardcore/commit/b7096af1028d8f909f63dd076d1bbd573913a92d",
                "refsource": "MISC",
                "url": "https://github.com/orchardcms/orchardcore/commit/b7096af1028d8f909f63dd076d1bbd573913a92d"
              },
              {
                "name": "https://huntr.dev/bounties/0019eb1c-8bf9-4bd0-a27f-aadc173515cb",
                "refsource": "CONFIRM",
                "url": "https://huntr.dev/bounties/0019eb1c-8bf9-4bd0-a27f-aadc173515cb"
              }
            ]
          },
          "source": {
            "advisory": "0019eb1c-8bf9-4bd0-a27f-aadc173515cb",
            "discovery": "EXTERNAL"
          }
        },
        "nvd.nist.gov": {
          "configurations": {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:orchardcore:orchardcore:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "1.3.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          },
          "cve": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-0821"
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "en",
                  "value": "Improper Authorization in GitHub repository orchardcms/orchardcore prior to 1.3.0."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "en",
                      "value": "NVD-CWE-Other"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://huntr.dev/bounties/0019eb1c-8bf9-4bd0-a27f-aadc173515cb",
                  "refsource": "CONFIRM",
                  "tags": [
                    "Exploit",
                    "Patch",
                    "Third Party Advisory"
                  ],
                  "url": "https://huntr.dev/bounties/0019eb1c-8bf9-4bd0-a27f-aadc173515cb"
                },
                {
                  "name": "https://github.com/orchardcms/orchardcore/commit/b7096af1028d8f909f63dd076d1bbd573913a92d",
                  "refsource": "MISC",
                  "tags": [
                    "Patch",
                    "Third Party Advisory"
                  ],
                  "url": "https://github.com/orchardcms/orchardcore/commit/b7096af1028d8f909f63dd076d1bbd573913a92d"
                }
              ]
            }
          },
          "impact": {
            "baseMetricV2": {
              "acInsufInfo": false,
              "cvssV2": {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "availabilityImpact": "NONE",
                "baseScore": 4.0,
                "confidentialityImpact": "NONE",
                "integrityImpact": "PARTIAL",
                "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
                "version": "2.0"
              },
              "exploitabilityScore": 8.0,
              "impactScore": 2.9,
              "obtainAllPrivilege": false,
              "obtainOtherPrivilege": false,
              "obtainUserPrivilege": false,
              "severity": "MEDIUM",
              "userInteractionRequired": false
            },
            "baseMetricV3": {
              "cvssV3": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "exploitabilityScore": 2.8,
              "impactScore": 3.6
            }
          },
          "lastModifiedDate": "2023-07-24T13:47Z",
          "publishedDate": "2022-03-11T00:15Z"
        }
      }
    }