CVE-2022-3065

Improper Access Control in GitHub repository jgraph/drawio prior to 20.2.8.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
@huntrdevCNA
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 28%
VendorProductVersion
diagramsdrawio
𝑥
< 20.2.8
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/jgraph/drawio/commit/59887e45b36f06c8dd4919a32bacd994d9f084da
https://huntr.dev/bounties/5f3bc4b6-1d53-46b7-a23d-70f5faaf0c76
https://github.com/jgraph/drawio/commit/59887e45b36f06c8dd4919a32bacd994d9f084da
https://huntr.dev/bounties/5f3bc4b6-1d53-46b7-a23d-70f5faaf0c76