Add CVE-2022-23077

2025-08-04 08:44:25 +00:00 · 2022-06-22 14:28:50 +03:00 · 2022-06-22 14:28:50 +03:00 · 68365f3cca
commit 68365f3cca
parent 6c7dda383a
1 changed files with 83 additions and 14 deletions
--- a/2022/23xxx/CVE-2022-23077.json
+++ b/2022/23xxx/CVE-2022-23077.json
@ -1,18 +1,87 @@
 {
-    "data_type": "CVE",
-    "data_format": "MITRE",
-    "data_version": "4.0",
-    "CVE_data_meta": {
-        "ID": "CVE-2022-23077",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
-    },
-    "description": {
-        "description_data": [
-            {
-                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+  "CVE_data_meta" : {
+    "ASSIGNER" : "vulnerabilitylab@mend.io",
+    "ID" : "CVE-2022-23077",
+    "STATE" : "PUBLIC",
+    "DATE_PUBLIC" : "Jan 11, 2022, 3:10:07 PM",
+    "TITLE" : "Habitica - DOM XSS in login page"
+  },
+  "affects" : {
+    "vendor" : {
+      "vendor_data" : [ {
+        "vendor_name" : "habitica",
+        "product" : {
+          "product_data" : [ {
+            "product_name" : "habitica",
+            "version" : {
+              "version_data" : [ {
+                "version_value" : "v4.119.1",
+                "version_affected" : ">="
+              }, {
+                "version_value" : "v4.232.2",
+                "version_affected" : "<="
+              } ]
            }
-        ]
+          } ]
+        }
+      } ]
    }
+  },
+  "credit" : [ {
+    "lang" : "eng",
+    "value" : "Mend Vulnerability Research Team (MVR)"
+  } ],
+  "data_format" : "MITRE",
+  "data_type" : "CVE",
+  "data_version" : "4.0",
+  "description" : {
+    "description_data" : [ {
+      "lang" : "eng",
+      "value" : "In habitica versions v4.119.0 through v4.232.2 are vulnerable to DOM XSS via the login page."
+    } ]
+  },
+  "generator" : {
+    "engine" : "Vulnogram 0.0.9"
+  },
+  "impact" : {
+    "cvss" : {
+      "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+      "attackComplexity" : "LOW",
+      "attackVector" : "NETWORK",
+      "availabilityImpact" : "NONE",
+      "confidentialityImpact" : "LOW",
+      "integrityImpact" : "LOW",
+      "privilegesRequired" : "NONE",
+      "scope" : "CHANGED",
+      "userInteraction" : "REQUIRED",
+      "version" : 3.1,
+      "baseScore" : 6.1,
+      "baseSeverity" : "MEDIUM"
+    }
+  },
+  "references" : {
+    "reference_data" : [ {
+      "refsource" : "MISC",
+      "url" : "https://www.mend.io/vulnerability-database/CVE-2022-23077"
+    }, {
+      "refsource" : "CONFIRM",
+      "url" : "https://github.com/HabitRPG/habitica/commit/5bcfdbe066e8c899f3ecf3fdcdbacc2ecba7f02f"
+    } ]
+  },
+  "problemtype" : {
+    "problemtype_data" : [ {
+      "description" : [ {
+        "lang" : "eng",
+        "value" : "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
+      } ]
+    } ]
+  },
+  "solution" : [ {
+    "lang" : "eng",
+    "value" : "Update version to v4.233.0 or later"
+  } ],
+  "source" : {
+    "advisory" : "https://www.mend.io/vulnerability-database/",
+    "discovery" : "UNKNOWN"
+  }
 }