Add CVE-2022-32175

2025-06-10 02:04:31 +00:00 · 2022-10-11 17:18:50 +03:00 · 2022-10-11 17:18:50 +03:00 · 21e9ed27b9
commit 21e9ed27b9
parent c9c82d8d96
1 changed files with 79 additions and 14 deletions
--- a/2022/32xxx/CVE-2022-32175.json
+++ b/2022/32xxx/CVE-2022-32175.json
@ -1,18 +1,83 @@
 {
-    "data_type": "CVE",
-    "data_format": "MITRE",
-    "data_version": "4.0",
-    "CVE_data_meta": {
-        "ID": "CVE-2022-32175",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
-    },
-    "description": {
-        "description_data": [
-            {
-                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+  "CVE_data_meta" : {
+    "ASSIGNER" : "vulnerabilitylab@mend.io",
+    "ID" : "CVE-2022-32175",
+    "STATE" : "PUBLIC",
+    "DATE_PUBLIC" : "Oct 11, 2022, 12:00:00 AM",
+    "TITLE" : "AdGuardHome - CSRF"
+  },
+  "affects" : {
+    "vendor" : {
+      "vendor_data" : [ {
+        "vendor_name" : "AdguardHome",
+        "product" : {
+          "product_data" : [ {
+            "product_name" : "AdguardHome",
+            "version" : {
+              "version_data" : [ {
+                "version_value" : "v0.99.0",
+                "version_affected" : ">="
+              }, {
+                "version_value" : "v0.108.0-b.9",
+                "version_affected" : "<="
+              } ]
            }
-        ]
+          } ]
+        }
+      } ]
    }
+  },
+  "credit" : [ {
+    "lang" : "eng",
+    "value" : "Mend Vulnerability Research Team (MVR)"
+  } ],
+  "data_format" : "MITRE",
+  "data_type" : "CVE",
+  "data_version" : "4.0",
+  "description" : {
+    "description_data" : [ {
+      "lang" : "eng",
+      "value" : "In AdGuardHome, versions v0.95 through v0.108.0-b.13 are vulnerable to Cross-Site Request Forgery (CSRF), in the custom filtering rules functionality.  An attacker can persuade an authorized user to follow a malicious link, resulting in deleting/modifying the custom filtering rules."
+    } ]
+  },
+  "generator" : {
+    "engine" : "Vulnogram 0.0.9"
+  },
+  "impact" : {
+    "cvss" : {
+      "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
+      "attackComplexity" : "LOW",
+      "attackVector" : "NETWORK",
+      "availabilityImpact" : "LOW",
+      "confidentialityImpact" : "NONE",
+      "integrityImpact" : "LOW",
+      "privilegesRequired" : "NONE",
+      "scope" : "UNCHANGED",
+      "userInteraction" : "REQUIRED",
+      "version" : 3.1,
+      "baseScore" : 5.4,
+      "baseSeverity" : "MEDIUM"
+    }
+  },
+  "references" : {
+    "reference_data" : [ {
+      "refsource" : "MISC",
+      "url" : "https://www.mend.io/vulnerability-database/CVE-2022-32175"
+    }, {
+      "refsource" : "CONFIRM",
+      "url" : "https://github.com/AdguardTeam/AdGuardHome/blob/v0.108.0-b.13/internal/home/controlfiltering.go#L265"
+    } ]
+  },
+  "problemtype" : {
+    "problemtype_data" : [ {
+      "description" : [ {
+        "lang" : "eng",
+        "value" : "CWE-352 Cross-Site Request Forgery (CSRF)"
+      } ]
+    } ]
+  },
+  "source" : {
+    "advisory" : "https://www.mend.io/vulnerability-database/",
+    "discovery" : "UNKNOWN"
+  }
 }