CVE-2022-0613 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	6.5 MEDIUM	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 30%

Affected Products (NVD)

Vendor	Product	Version
uri.js_project	uri.js	𝑥 < 1.19.8

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

pat

jammy	needs-triage
kinetic	ignored
lunar	ignored
mantic	ignored
noble	needs-triage
trusty	ignored
xenial	ignored

Red Hat Enterprise Linux Releases

Red Hat Product

Release

aspnetcore-runtime-3.1

RHEL 8

0:3.1.24-1.el8_5

fixed

aspnetcore-targeting-pack-3.1

RHEL 8

0:3.1.24-1.el8_5

fixed

dotnet-apphost-pack-3.1

RHEL 8

0:3.1.24-1.el8_5

fixed

dotnet-hostfxr-3.1

RHEL 8

0:3.1.24-1.el8_5

fixed

dotnet-runtime-3.1

RHEL 8

0:3.1.24-1.el8_5

fixed

dotnet-sdk-3.1

RHEL 8

0:3.1.418-1.el8_5

fixed

dotnet-sdk-3.1-source-built-artifacts

RHEL 8

0:3.1.418-1.el8_5

fixed

dotnet-targeting-pack-3.1

RHEL 8

0:3.1.24-1.el8_5

fixed

dotnet-templates-3.1

RHEL 8

0:3.1.418-1.el8_5

fixed

Known Exploits!

Common Weakness Enumeration

CWE-639 - Authorization Bypass Through User-Controlled Key
The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

References

https://github.com/medialize/uri.js/commit/6ea641cc8648b025ed5f30b090c2abd4d1a5249f

https://huntr.dev/bounties/f53d5c42-c108-40b8-917d-9dad51535083

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MXSSATHALUSXXD2KT6UFZAX7EG4GR332/

https://github.com/medialize/uri.js/commit/6ea641cc8648b025ed5f30b090c2abd4d1a5249f

https://huntr.dev/bounties/f53d5c42-c108-40b8-917d-9dad51535083

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MXSSATHALUSXXD2KT6UFZAX7EG4GR332/