{"vulnerability": "cve-2022-3462", "sightings": [{"uuid": "2f71b4b0-4093-46e3-bab4-96fa851294ef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-34623", "type": "seen", "source": "https://t.me/cibsecurity/48444", "content": "\u203c CVE-2022-34623 \u203c\n\nMealie1.0.0beta3 is vulnerable to user enumeration via timing response discrepancy between users and non-users when an invalid password message is displayed during an authentication attempt.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-19T18:17:32.000000Z"}, {"uuid": "aec0e210-c578-4101-8b00-2e041b011725", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-34621", "type": "seen", "source": "https://t.me/cibsecurity/48439", "content": "\u203c CVE-2022-34621 \u203c\n\nMealie 1.0.0beta3 was discovered to contain an Insecure Direct Object Reference (IDOR) vulnerability which allows attackers to modify user passwords and other attributes via modification of the user_id parameter.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-19T18:17:24.000000Z"}, {"uuid": "b63bb5b2-8a85-419f-94ba-8d89d77e9bb5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-34624", "type": "seen", "source": "https://t.me/cibsecurity/48438", "content": "\u203c CVE-2022-34624 \u203c\n\nMealie1.0.0beta3 does not terminate download tokens after a user logs out, allowing attackers to perform a man-in-the-middle attack via a crafted GET request.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-19T18:17:23.000000Z"}, {"uuid": "cd825308-a2b3-412f-9267-9f21e7d9fb1c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-34625", "type": "seen", "source": "https://t.me/cibsecurity/47420", "content": "\u203c CVE-2022-34625 \u203c\n\nMealie1.0.0beta3 was discovered to contain a Server-Side Template Injection vulnerability, which allows attackers to execute arbitrary code via a crafted Jinja2 template.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-02T20:18:15.000000Z"}]}