{ "CVE_data_meta": { "ASSIGNER": "security@huntr.dev", "ID": "CVE-2022-1996", "STATE": "PUBLIC", "TITLE": "Authorization Bypass Through User-Controlled Key in emicklei/go-restful" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "emicklei/go-restful", "version": { "version_data": [ { "version_affected": "<", "version_value": "v3.8.0" } ] } } ] }, "vendor_name": "emicklei" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Authorization Bypass Through User-Controlled Key in GitHub repository emicklei/go-restful prior to v3.8.0." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-639 Authorization Bypass Through User-Controlled Key" } ] } ] }, "references": { "reference_data": [ { "name": "https://huntr.dev/bounties/be837427-415c-4d8c-808b-62ce20aa84f1", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/be837427-415c-4d8c-808b-62ce20aa84f1" }, { "name": "https://github.com/emicklei/go-restful/commit/fd3c327a379ce08c68ef18765bdc925f5d9bad10", "refsource": "MISC", "url": "https://github.com/emicklei/go-restful/commit/fd3c327a379ce08c68ef18765bdc925f5d9bad10" }, { "refsource": "FEDORA", "name": "FEDORA-2022-185697ef56", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OBDD3Q23RCGAGHIXUCWBU6N3S4RNAKXB/" }, { "refsource": "FEDORA", "name": "FEDORA-2022-589a0ad690", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/575BLJ3Y2EQBRNTFR2OSQQ6L2W6UCST3/" }, { "refsource": "FEDORA", "name": "FEDORA-2022-fae3ecee19", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR/" }, { "refsource": "FEDORA", "name": "FEDORA-2022-ba365d3703", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5/" }, { "refsource": "FEDORA", "name": "FEDORA-2022-30c5ed5625", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6/" }, { "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20220923-0005/", "url": "https://security.netapp.com/advisory/ntap-20220923-0005/" } ] }, "source": { "advisory": "be837427-415c-4d8c-808b-62ce20aa84f1", "discovery": "EXTERNAL" } }