admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-09-17 18:45:49 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2025/CVE-2025-221xx/CVE-2025-22138.json
cad-safe-bot 627729c313 Auto-Update: 2025-03-02T03:00:19.570958+00:00
2025-03-02 03:03:52 +00:00

82 lines
4.2 KiB
JSON
Raw Blame History

{
"id": "CVE-2025-22138",
"sourceIdentifier": "security-advisories@github.com",
"published": "2025-01-13T21:15:14.500",
"lastModified": "2025-01-13T21:15:14.500",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "@codidact/qpixel is a Q&A-based community knowledge-sharing software. In affected versions when a category is set to private or limited-visibility within QPixel's admin tools, suggested edits within this category can still be viewed by unprivileged or anonymous users via the suggested edit queue. This issue has not yet been patched and no workarounds are available. Users are advised to follow the development repo for updates.\n\n### Patches\nNot yet patched.\n\n### Workarounds\nNone available. Private or limited-visibility categories should not be considered ways to store sensitive information.\n\n### References\nInternal: [SUPPORT-114](https://codidact.atlassian.net/issues/SUPPORT-114)"
},
{
"lang": "es",
"value": "@codidact/qpixel es un software de intercambio de conocimientos basado en preguntas y respuestas. En las versiones afectadas, cuando una categor\u00eda se configura como privada o con visibilidad limitada dentro de las herramientas de administraci\u00f3n de QPixel, los usuarios sin privilegios o an\u00f3nimos a\u00fan pueden ver las ediciones sugeridas dentro de esta categor\u00eda a trav\u00e9s de la cola de ediciones sugeridas. Este problema a\u00fan no se ha solucionado y no hay Workarounds disponibles. Se recomienda a los usuarios que sigan el repositorio de desarrollo para obtener actualizaciones. ### Parches A\u00fan no se han solucionado. ### WWorkaroundsNo hay ninguno disponible. Las categor\u00edas privadas o con visibilidad limitada no deben considerarse formas de almacenar informaci\u00f3n confidencial. ### Referencias Interno: [SUPPORT-114](https://codidact.atlassian.net/issues/SUPPORT-114)"
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "ACTIVE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://github.com/codidact/qpixel/security/advisories/GHSA-pv74-hcg9-65r4",
"source": "security-advisories@github.com"
}
]
}
Reference in New Issue View Git Blame Copy Permalink