Add CVE-2022-23079

2025-08-04 08:44:25 +00:00 · 2022-06-22 16:01:25 +03:00 · 2022-06-22 16:01:25 +03:00 · d491e7901a
commit d491e7901a
parent 6c7dda383a
1 changed files with 83 additions and 14 deletions
--- a/2022/23xxx/CVE-2022-23079.json
+++ b/2022/23xxx/CVE-2022-23079.json
@ -1,18 +1,87 @@
 {
-    "data_type": "CVE",
-    "data_format": "MITRE",
-    "data_version": "4.0",
-    "CVE_data_meta": {
-        "ID": "CVE-2022-23079",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
-    },
-    "description": {
-        "description_data": [
-            {
-                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+  "CVE_data_meta" : {
+    "ASSIGNER" : "vulnerabilitylab@mend.io",
+    "ID" : "CVE-2022-23079",
+    "STATE" : "PUBLIC",
+    "DATE_PUBLIC" : "Jan 11, 2022, 3:10:07 PM",
+    "TITLE" : "motoradmin - host header Injection in the reset password functionality "
+  },
+  "affects" : {
+    "vendor" : {
+      "vendor_data" : [ {
+        "vendor_name" : "motor-admin",
+        "product" : {
+          "product_data" : [ {
+            "product_name" : "motor-admin",
+            "version" : {
+              "version_data" : [ {
+                "version_value" : "0.0.1",
+                "version_affected" : ">="
+              }, {
+                "version_value" : "0.2.56",
+                "version_affected" : "<="
+              } ]
            }
-        ]
+          } ]
+        }
+      } ]
    }
+  },
+  "credit" : [ {
+    "lang" : "eng",
+    "value" : "Mend Vulnerability Research Team (MVR)"
+  } ],
+  "data_format" : "MITRE",
+  "data_type" : "CVE",
+  "data_version" : "4.0",
+  "description" : {
+    "description_data" : [ {
+      "lang" : "eng",
+      "value" : "In motor-admin versions 0.0.1 through 0.2.56 are vulnerable to host header injection in the password reset functionality where malicious actor can send fake password reset email to arbitrary victim."
+    } ]
+  },
+  "generator" : {
+    "engine" : "Vulnogram 0.0.9"
+  },
+  "impact" : {
+    "cvss" : {
+      "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+      "attackComplexity" : "LOW",
+      "attackVector" : "NETWORK",
+      "availabilityImpact" : "HIGH",
+      "confidentialityImpact" : "HIGH",
+      "integrityImpact" : "HIGH",
+      "privilegesRequired" : "NONE",
+      "scope" : "UNCHANGED",
+      "userInteraction" : "REQUIRED",
+      "version" : 3.1,
+      "baseScore" : 8.8,
+      "baseSeverity" : "HIGH"
+    }
+  },
+  "references" : {
+    "reference_data" : [ {
+      "refsource" : "MISC",
+      "url" : "https://www.mend.io/vulnerability-database/CVE-2022-23079"
+    }, {
+      "refsource" : "CONFIRM",
+      "url" : "https://github.com/motor-admin/motor-admin/commit/a461b7507940a1fa062836daa89c82404fe3ecf9"
+    } ]
+  },
+  "problemtype" : {
+    "problemtype_data" : [ {
+      "description" : [ {
+        "lang" : "eng",
+        "value" : "CWE-116 Improper Encoding or Escaping of Output"
+      } ]
+    } ]
+  },
+  "solution" : [ {
+    "lang" : "eng",
+    "value" : "Update version to 0.2.61 or later"
+  } ],
+  "source" : {
+    "advisory" : "https://www.mend.io/vulnerability-database/",
+    "discovery" : "UNKNOWN"
+  }
 }