Lucene search

@huntrdevCVE-2022-1815

HistoryMay 25, 2022 - 9:15 a.m.

CVE-2022-1815

2022-05-2509:15:07

CWE-918

CWE-200

@huntrdev

web.nvd.nist.gov

cve-2022-1815

information security

github

jgraph

drawio

nvd

sensitive information

unauthorized actor

vulnerability

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.019

Percentile

88.7%

JSON

Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository jgraph/drawio prior to 18.1.2.

Affected configurations

Nvd

Node

diagramsdrawioRange<18.1.2

VendorProductVersionCPE
diagramsdrawio*cpe:2.3:a:diagrams:drawio:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
diagrams	drawio	*	cpe:2.3:a:diagrams:drawio::::::::

CNA Affected

[
  {
    "product": "jgraph/drawio",
    "vendor": "jgraph",
    "versions": [
      {
        "lessThan": "18.1.2",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

github.com/jgraph/drawio/commit/c287bef9101d024b1fd59d55ecd530f25000f9d8

huntr.dev/bounties/6e856a25-9117-47c6-9375-52f78876902f

Social References

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.019

Percentile

88.7%

JSON

Related for CVE-2022-1815