admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
cvelist/2022/31xxx/CVE-2022-31168.json

101 lines
3.7 KiB
JSON
Raw Normal View History

"-Synchronized-Data."
2022-05-18 19:01:55 +00:00
{
"CVE_data_meta": {
Add CVE-2022-31168 for GHSA-c3cp-ggg5-9xw5 Add CVE-2022-31168 for GHSA-c3cp-ggg5-9xw5
2022-07-22 13:03:04 +00:00
"ASSIGNER": "security-advisories@github.com",
"-Synchronized-Data."
2022-05-18 19:01:55 +00:00
"ID": "CVE-2022-31168",
Add CVE-2022-31168 for GHSA-c3cp-ggg5-9xw5 Add CVE-2022-31168 for GHSA-c3cp-ggg5-9xw5
2022-07-22 13:03:04 +00:00
"STATE": "PUBLIC",
"TITLE": "Zulip Server insufficient authorization for changing bot roles"
"-Synchronized-Data."
2022-05-18 19:01:55 +00:00
},
Add CVE-2022-31168 for GHSA-c3cp-ggg5-9xw5 Add CVE-2022-31168 for GHSA-c3cp-ggg5-9xw5
2022-07-22 13:03:04 +00:00
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zulip",
"version": {
"version_data": [
{
"version_value": "< 5.5"
}
]
}
}
]
},
"vendor_name": "zulip"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"-Synchronized-Data."
2022-05-18 19:01:55 +00:00
"description": {
"description_data": [
{
"lang": "eng",
Add CVE-2022-31168 for GHSA-c3cp-ggg5-9xw5 Add CVE-2022-31168 for GHSA-c3cp-ggg5-9xw5
2022-07-22 13:03:04 +00:00
"value": "Zulip is an open source team chat tool. Due to an incorrect authorization check in Zulip Server 5.4 and earlier, a member of an organization could craft an API call that grants organization administrator privileges to one of their bots. The vulnerability is fixed in Zulip Server 5.5. Members who dont own any bots, and lack permission to create them, cant exploit the vulnerability. As a workaround for the vulnerability, an organization administrator can restrict the `Who can create bots` permission to administrators only, and change the ownership of existing bots."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285: Improper Authorization"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-863: Incorrect Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/zulip/zulip/security/advisories/GHSA-c3cp-ggg5-9xw5",
"refsource": "CONFIRM",
"url": "https://github.com/zulip/zulip/security/advisories/GHSA-c3cp-ggg5-9xw5"
},
{
"name": "https://github.com/zulip/zulip/commit/751b2a03e565e9eb02ffe923b7c24ac73d604034",
"refsource": "MISC",
"url": "https://github.com/zulip/zulip/commit/751b2a03e565e9eb02ffe923b7c24ac73d604034"
},
{
"name": "https://github.com/zulip/zulip/releases/tag/5.5",
"refsource": "MISC",
"url": "https://github.com/zulip/zulip/releases/tag/5.5"
"-Synchronized-Data."
2022-05-18 19:01:55 +00:00
}
]
Add CVE-2022-31168 for GHSA-c3cp-ggg5-9xw5 Add CVE-2022-31168 for GHSA-c3cp-ggg5-9xw5
2022-07-22 13:03:04 +00:00
},
"source": {
"advisory": "GHSA-c3cp-ggg5-9xw5",
"discovery": "UNKNOWN"
"-Synchronized-Data."
2022-05-18 19:01:55 +00:00
}
}
Reference in New Issue Copy Permalink