Add CVE-2022-32171

2025-06-10 02:04:31 +00:00 · 2022-10-06 08:48:40 +03:00 · 2022-10-06 08:48:40 +03:00 · f2ba72a914
commit f2ba72a914
parent c9c82d8d96
1 changed files with 83 additions and 14 deletions
--- a/2022/32xxx/CVE-2022-32171.json
+++ b/2022/32xxx/CVE-2022-32171.json
@ -1,18 +1,87 @@
 {
-    "data_type": "CVE",
-    "data_format": "MITRE",
-    "data_version": "4.0",
-    "CVE_data_meta": {
-        "ID": "CVE-2022-32171",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
-    },
-    "description": {
-        "description_data": [
-            {
-                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+  "CVE_data_meta" : {
+    "ASSIGNER" : "vulnerabilitylab@mend.io",
+    "ID" : "CVE-2022-32171",
+    "STATE" : "PUBLIC",
+    "DATE_PUBLIC" : "Sep 28, 2022, 12:00:00 AM",
+    "TITLE" : "Zinc - Stored XSS"
+  },
+  "affects" : {
+    "vendor" : {
+      "vendor_data" : [ {
+        "vendor_name" : "zinc",
+        "product" : {
+          "product_data" : [ {
+            "product_name" : "zinc",
+            "version" : {
+              "version_data" : [ {
+                "version_value" : "v0.1.9",
+                "version_affected" : ">="
+              }, {
+                "version_value" : "v0.3.1",
+                "version_affected" : "<="
+              } ]
            }
-        ]
+          } ]
+        }
+      } ]
    }
+  },
+  "credit" : [ {
+    "lang" : "eng",
+    "value" : "Mend Vulnerability Research Team (MVR)"
+  } ],
+  "data_format" : "MITRE",
+  "data_type" : "CVE",
+  "data_version" : "4.0",
+  "description" : {
+    "description_data" : [ {
+      "lang" : "eng",
+      "value" : "In Zinc, versions v0.1.9 through v0.3.1 are vulnerable to Stored Cross-Site Scripting when using the delete user functionality. When an authenticated user deletes a user having a XSS payload in the user id field, the javascript payload will be executed and allow an attacker to access the user’s credentials."
+    } ]
+  },
+  "generator" : {
+    "engine" : "Vulnogram 0.0.9"
+  },
+  "impact" : {
+    "cvss" : {
+      "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+      "attackComplexity" : "LOW",
+      "attackVector" : "NETWORK",
+      "availabilityImpact" : "NONE",
+      "confidentialityImpact" : "LOW",
+      "integrityImpact" : "LOW",
+      "privilegesRequired" : "LOW",
+      "scope" : "CHANGED",
+      "userInteraction" : "REQUIRED",
+      "version" : 3.1,
+      "baseScore" : 5.4,
+      "baseSeverity" : "MEDIUM"
+    }
+  },
+  "references" : {
+    "reference_data" : [ {
+      "refsource" : "MISC",
+      "url" : "https://www.mend.io/vulnerability-database/CVE-2022-32171"
+    }, {
+      "refsource" : "CONFIRM",
+      "url" : "https://github.com/zinclabs/zinc/commit/3376c248bade163430f9347742428f0a82cd322d"
+    } ]
+  },
+  "problemtype" : {
+    "problemtype_data" : [ {
+      "description" : [ {
+        "lang" : "eng",
+        "value" : "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
+      } ]
+    } ]
+  },
+  "solution" : [ {
+    "lang" : "eng",
+    "value" : "Update version to v0.3.2 or later"
+  } ],
+  "source" : {
+    "advisory" : "https://www.mend.io/vulnerability-database/",
+    "discovery" : "UNKNOWN"
+  }
 }