admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-12 02:04:49 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2022/CVE-2022-239xx/CVE-2022-23904.json
cad-safe-bot 9520a58032 Auto-Update: 2024-11-23T15:09:04.070866+00:00
2024-11-23 15:12:23 +00:00

134 lines
4.0 KiB
JSON
Raw Blame History

{
"id": "CVE-2022-23904",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-05-02T12:16:26.557",
"lastModified": "2024-11-21T06:49:26.327",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "Rainworx Auctionworx < 3.1R2 is vulnerable to a Cross-Site Request Forgery (CSRF) attack that allows an authenticated user to upgrade his account to admin and gain access to the auctionworx admin control panel. This vulnerability affects AuctionWorx Enterprise and AuctionWorx: Events Edition."
},
{
"lang": "es",
"value": "Rainworx Auctionworx versiones anteriores a 3.1R2, es vulnerable a un ataque de tipo Cross-Site Request Forgery (CSRF) que permite a un usuario autenticado actualizar su cuenta a admin y conseguir acceso al panel de control de auctionworx admin. Esta vulnerabilidad afecta a AuctionWorx Enterprise y AuctionWorx: Events Edition"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"baseScore": 6.0,
"accessVector": "NETWORK",
"accessComplexity": "MEDIUM",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL"
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 6.8,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": true
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rainworx:auctionworx:*:*:*:*:enterprise:*:*:*",
"versionEndIncluding": "3.1",
"matchCriteriaId": "8879883F-66EA-4553-B74F-11B1E33A7752"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rainworx:auctionworx:*:*:*:*:events:*:*:*",
"versionEndIncluding": "3.1",
"matchCriteriaId": "5378B078-06F0-4D01-8A17-BBAD49090464"
}
]
}
]
}
],
"references": [
{
"url": "https://ebereorisi.com/blog/account-privilege-upgrade-on-auctionworx-software-cve-2022-23904/",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.rainworx.com/",
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://ebereorisi.com/blog/account-privilege-upgrade-on-auctionworx-software-cve-2022-23904/",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.rainworx.com/",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink