Lucene search

GoogleOSV:CVE-2022-44023

HistoryOct 30, 2022 - 12:15 a.m.

CVE-2022-44023

2022-10-3000:15:10

Google

osv.dev

pwndoc 0.5.3

remote attackers

identify disabled user account

response messages

authentication attempts

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

7.2 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

53.6%

JSON

PwnDoc through 0.5.3 might allow remote attackers to identify disabled user account names by leveraging response messages for authentication attempts.

CPENameOperatorVersion
pwndoceq0.3.0
pwndoceq0.5.1
pwndoceq0.4.0
pwndoceq0.5.0
pwndoceq0.2.0
pwndoceq0.5.2
pwndoceq0.5.3
pwndoceq0.1.0

Name	Operator	Version
pwndoc	eq	0.3.0
pwndoc	eq	0.5.1
pwndoc	eq	0.4.0
pwndoc	eq	0.5.0
pwndoc	eq	0.2.0
pwndoc	eq	0.5.2
pwndoc	eq	0.5.3
pwndoc	eq	0.1.0

References

cve.nstsec.com/cve-2022-44023

github.com/pwndoc/pwndoc/issues/382

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

7.2 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

53.6%

JSON

Related for OSV:CVE-2022-44023