Lucene search

[email protected]CVE-2022-4349

HistoryDec 08, 2022 - 8:15 a.m.

CVE-2022-4349

2022-12-0808:15:09

CWE-863

CWE-352

[email protected]

web.nvd.nist.gov

ctf-hacker pwn

vulnerability

cross-site request forgery

remote attack

6.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

6.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

34.2%

JSON

A vulnerability classified as problematic has been found in CTF-hacker pwn. This affects an unknown part of the file delete.html. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-215109 was assigned to this vulnerability.

Affected configurations

NVD

Node

pwn_projectpwnMatch-

CPENameOperatorVersion
pwn_project:pwnpwn project pwneq-

CPE	Name	Operator	Version
pwn_project:pwn	pwn project pwn	eq	-

CNA Affected

[
  {
    "vendor": "CTF-hacker",
    "product": "pwn",
    "versions": [
      {
        "version": "n/a",
        "status": "affected"
      }
    ]
  }
]

References

gitee.com/CTF-hacker/pwn/issues/I5WAAB

vuldb.com/?id.215109

6.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

6.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

34.2%

JSON

Related for CVE-2022-4349

nvd1 prion1 cvelist1