Lucene search

GitHub Advisory DatabaseGHSA-MCGW-5FHW-3FQ8

HistoryMar 12, 2022 - 12:00 a.m.

saleor Missing Authorization vulnerability

2022-03-1200:00:34

CWE-862

GitHub Advisory Database

github.com

saleor

missing authorization

software

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

30.4%

JSON

Missing Authorization in saleor prior to 3.1.2.

Affected configurations

Vulners

Node

saleorsaleorRange<3.1.2

References

github.com/advisories/GHSA-mcgw-5fhw-3fq8

github.com/saleor/saleor/commit/521dfd6394f3926a77c60d8633c058e16d0f916d

huntr.dev/bounties/88ae4cbc-c697-401b-8b04-7dc4e03ad8eb

nvd.nist.gov/vuln/detail/CVE-2022-0932

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

30.4%

JSON

Related for GHSA-MCGW-5FHW-3FQ8