CVE-2022-45183

Escalation of privileges in the Web Server in Ironman Software PowerShell Universal 2.x and 3.x allows an attacker with a valid app token to retrieve other app tokens by ID via an HTTP web request. Patched Versions are 3.5.3, 3.4.7, and 2.12.6.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 39%
VendorProductVersion
ironmansoftwarepowershell_universal
2.0.0 ≤
𝑥
< 2.12.6
ironmansoftwarepowershell_universal
3.0.0 ≤
𝑥
< 3.4.7
ironmansoftwarepowershell_universal
3.5.0 ≤
𝑥
< 3.5.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://blog.ironmansoftware.com/psu-2022-11-cve/
https://docs.powershelluniversal.com/changelog
https://ironmansoftware.com
https://blog.ironmansoftware.com/psu-2022-11-cve/
https://docs.powershelluniversal.com/changelog
https://ironmansoftware.com