admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
cvelist/2022/31xxx/CVE-2022-31168.json
advisory-database[bot] a3afcf7287
Add CVE-2022-31168 for GHSA-c3cp-ggg5-9xw5 
Add CVE-2022-31168 for GHSA-c3cp-ggg5-9xw5
2022-07-22 13:03:04 +00:00

101 lines
3.7 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-31168",
"STATE": "PUBLIC",
"TITLE": "Zulip Server insufficient authorization for changing bot roles"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zulip",
"version": {
"version_data": [
{
"version_value": "< 5.5"
}
]
}
}
]
},
"vendor_name": "zulip"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zulip is an open source team chat tool. Due to an incorrect authorization check in Zulip Server 5.4 and earlier, a member of an organization could craft an API call that grants organization administrator privileges to one of their bots. The vulnerability is fixed in Zulip Server 5.5. Members who dont own any bots, and lack permission to create them, cant exploit the vulnerability. As a workaround for the vulnerability, an organization administrator can restrict the `Who can create bots` permission to administrators only, and change the ownership of existing bots."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285: Improper Authorization"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-863: Incorrect Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/zulip/zulip/security/advisories/GHSA-c3cp-ggg5-9xw5",
"refsource": "CONFIRM",
"url": "https://github.com/zulip/zulip/security/advisories/GHSA-c3cp-ggg5-9xw5"
},
{
"name": "https://github.com/zulip/zulip/commit/751b2a03e565e9eb02ffe923b7c24ac73d604034",
"refsource": "MISC",
"url": "https://github.com/zulip/zulip/commit/751b2a03e565e9eb02ffe923b7c24ac73d604034"
},
{
"name": "https://github.com/zulip/zulip/releases/tag/5.5",
"refsource": "MISC",
"url": "https://github.com/zulip/zulip/releases/tag/5.5"
}
]
},
"source": {
"advisory": "GHSA-c3cp-ggg5-9xw5",
"discovery": "UNKNOWN"
}
}
Reference in New Issue View Git Blame Copy Permalink