CVE-2022-46176 (GCVE-0-2022-46176)

Vulnerability from cvelistv5 – Published: 2023-01-11 20:07 – Updated: 2025-03-10 21:30
VLAI?
Summary
Cargo is a Rust package manager. The Rust Security Response WG was notified that Cargo did not perform SSH host key verification when cloning indexes and dependencies via SSH. An attacker could exploit this to perform man-in-the-middle (MITM) attacks. This vulnerability has been assigned CVE-2022-46176. All Rust versions containing Cargo before 1.66.1 are vulnerable. Note that even if you don't explicitly use SSH for alternate registry indexes or crate dependencies, you might be affected by this vulnerability if you have configured git to replace HTTPS connections to GitHub with SSH (through git's [`url.<base>.insteadOf`][1] setting), as that'd cause you to clone the crates.io index through SSH. Rust 1.66.1 will ensure Cargo checks the SSH host key and abort the connection if the server's public key is not already trusted. We recommend everyone to upgrade as soon as possible.
Severity ?
5.3 (Medium)
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
CWE
  • CWE-347 - Improper Verification of Cryptographic Signature
Assigner
References
Impacted products
Vendor Product Version
rust-lang cargo Affected: <= 0.67.0
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T14:24:03.428Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/rust-lang/cargo/security/advisories/GHSA-r5w3-xm58-jv6j",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/rust-lang/cargo/security/advisories/GHSA-r5w3-xm58-jv6j"
          },
          {
            "name": "https://github.com/rust-lang/wg-security-response/tree/main/patches/CVE-2022-46176",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/rust-lang/wg-security-response/tree/main/patches/CVE-2022-46176"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/11/05/6"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/11/06/5"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-46176",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-10T21:00:13.565262Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-10T21:30:29.733Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "cargo",
          "vendor": "rust-lang",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c= 0.67.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cargo is a Rust package manager. The Rust Security Response WG was notified that Cargo did not perform SSH host key verification when cloning indexes and dependencies via SSH. An attacker could exploit this to perform man-in-the-middle (MITM) attacks. This vulnerability has been assigned CVE-2022-46176. All Rust versions containing Cargo before 1.66.1 are vulnerable. Note that even if you don\u0027t explicitly use SSH for alternate registry indexes or crate dependencies, you might be affected by this vulnerability if you have configured git to replace HTTPS connections to GitHub with SSH (through git\u0027s [`url.\u003cbase\u003e.insteadOf`][1] setting), as that\u0027d cause you to clone the crates.io index through SSH. Rust 1.66.1 will ensure Cargo checks the SSH host key and abort the connection if the server\u0027s public key is not already trusted. We recommend everyone to upgrade as soon as possible."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-347",
              "description": "CWE-347: Improper Verification of Cryptographic Signature",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-11-07T00:06:30.987Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/rust-lang/cargo/security/advisories/GHSA-r5w3-xm58-jv6j",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/rust-lang/cargo/security/advisories/GHSA-r5w3-xm58-jv6j"
        },
        {
          "name": "https://github.com/rust-lang/wg-security-response/tree/main/patches/CVE-2022-46176",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/rust-lang/wg-security-response/tree/main/patches/CVE-2022-46176"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/11/05/6"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/11/06/5"
        }
      ],
      "source": {
        "advisory": "GHSA-r5w3-xm58-jv6j",
        "discovery": "UNKNOWN"
      },
      "title": "Cargo did not verify SSH host keys"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2022-46176",
    "datePublished": "2023-01-11T20:07:12.847Z",
    "dateReserved": "2022-11-28T17:27:19.999Z",
    "dateUpdated": "2025-03-10T21:30:29.733Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rust-lang:cargo:*:*:*:*:*:rust:*:*\", \"versionEndIncluding\": \"0.67.0\", \"matchCriteriaId\": \"4C77F904-4E61-4DCA-BE20-B00B808B988D\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Cargo is a Rust package manager. The Rust Security Response WG was notified that Cargo did not perform SSH host key verification when cloning indexes and dependencies via SSH. An attacker could exploit this to perform man-in-the-middle (MITM) attacks. This vulnerability has been assigned CVE-2022-46176. All Rust versions containing Cargo before 1.66.1 are vulnerable. Note that even if you don\u0027t explicitly use SSH for alternate registry indexes or crate dependencies, you might be affected by this vulnerability if you have configured git to replace HTTPS connections to GitHub with SSH (through git\u0027s [`url.\u003cbase\u003e.insteadOf`][1] setting), as that\u0027d cause you to clone the crates.io index through SSH. Rust 1.66.1 will ensure Cargo checks the SSH host key and abort the connection if the server\u0027s public key is not already trusted. We recommend everyone to upgrade as soon as possible. \"}, {\"lang\": \"es\", \"value\": \"Cargo es un administrador de paquetes de Rust. Se notific\\u00f3 al Grupo de Trabajo de Respuesta de Seguridad de Rust que Cargo no realiz\\u00f3 la verificaci\\u00f3n de la clave de host SSH al clonar \\u00edndices y dependencias a trav\\u00e9s de SSH. Un atacante podr\\u00eda aprovechar esto para realizar ataques de intermediario (MITM). A esta vulnerabilidad se le ha asignado CVE-2022-46176. Todas las versiones de Rust que contienen Cargo anteriores a la 1.66.1 son vulnerables. Tenga en cuenta que incluso si no usa SSH expl\\u00edcitamente para \\u00edndices de registro alternativos o dependencias de cajas, podr\\u00eda verse afectado por esta vulnerabilidad si ha configurado git para reemplazar las conexiones HTTPS a GitHub con SSH (a trav\\u00e9s de [`url..insteadOf`] de git). [1]), ya que eso har\\u00eda que clonaras el \\u00edndice de crates.io a trav\\u00e9s de SSH. Rust 1.66.1 garantizar\\u00e1 que Cargo verifique la clave del host SSH y cancelar\\u00e1 la conexi\\u00f3n si la clave p\\u00fablica del servidor a\\u00fan no es confiable. Recomendamos a todos que actualicen lo antes posible.\"}]",
      "id": "CVE-2022-46176",
      "lastModified": "2024-11-21T07:30:15.910",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N\", \"baseScore\": 5.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 1.6, \"impactScore\": 3.6}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N\", \"baseScore\": 5.9, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.2, \"impactScore\": 3.6}]}",
      "published": "2023-01-11T21:15:10.087",
      "references": "[{\"url\": \"http://www.openwall.com/lists/oss-security/2023/11/05/6\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/11/06/5\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://github.com/rust-lang/cargo/security/advisories/GHSA-r5w3-xm58-jv6j\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Mitigation\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/rust-lang/wg-security-response/tree/main/patches/CVE-2022-46176\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/11/05/6\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/11/06/5\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://github.com/rust-lang/cargo/security/advisories/GHSA-r5w3-xm58-jv6j\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mitigation\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/rust-lang/wg-security-response/tree/main/patches/CVE-2022-46176\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}]",
      "sourceIdentifier": "security-advisories@github.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"security-advisories@github.com\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-347\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-46176\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2023-01-11T21:15:10.087\",\"lastModified\":\"2024-11-21T07:30:15.910\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cargo is a Rust package manager. The Rust Security Response WG was notified that Cargo did not perform SSH host key verification when cloning indexes and dependencies via SSH. An attacker could exploit this to perform man-in-the-middle (MITM) attacks. This vulnerability has been assigned CVE-2022-46176. All Rust versions containing Cargo before 1.66.1 are vulnerable. Note that even if you don\u0027t explicitly use SSH for alternate registry indexes or crate dependencies, you might be affected by this vulnerability if you have configured git to replace HTTPS connections to GitHub with SSH (through git\u0027s [`url.\u003cbase\u003e.insteadOf`][1] setting), as that\u0027d cause you to clone the crates.io index through SSH. Rust 1.66.1 will ensure Cargo checks the SSH host key and abort the connection if the server\u0027s public key is not already trusted. We recommend everyone to upgrade as soon as possible. \"},{\"lang\":\"es\",\"value\":\"Cargo es un administrador de paquetes de Rust. Se notific\u00f3 al Grupo de Trabajo de Respuesta de Seguridad de Rust que Cargo no realiz\u00f3 la verificaci\u00f3n de la clave de host SSH al clonar \u00edndices y dependencias a trav\u00e9s de SSH. Un atacante podr\u00eda aprovechar esto para realizar ataques de intermediario (MITM). A esta vulnerabilidad se le ha asignado CVE-2022-46176. Todas las versiones de Rust que contienen Cargo anteriores a la 1.66.1 son vulnerables. Tenga en cuenta que incluso si no usa SSH expl\u00edcitamente para \u00edndices de registro alternativos o dependencias de cajas, podr\u00eda verse afectado por esta vulnerabilidad si ha configurado git para reemplazar las conexiones HTTPS a GitHub con SSH (a trav\u00e9s de [`url..insteadOf`] de git). [1]), ya que eso har\u00eda que clonaras el \u00edndice de crates.io a trav\u00e9s de SSH. Rust 1.66.1 garantizar\u00e1 que Cargo verifique la clave del host SSH y cancelar\u00e1 la conexi\u00f3n si la clave p\u00fablica del servidor a\u00fan no es confiable. Recomendamos a todos que actualicen lo antes posible.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.6,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":5.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-347\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rust-lang:cargo:*:*:*:*:*:rust:*:*\",\"versionEndIncluding\":\"0.67.0\",\"matchCriteriaId\":\"4C77F904-4E61-4DCA-BE20-B00B808B988D\"}]}]}],\"references\":[{\"url\":\"http://www.openwall.com/lists/oss-security/2023/11/05/6\",\"source\":\"security-advisories@github.com\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/11/06/5\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/rust-lang/cargo/security/advisories/GHSA-r5w3-xm58-jv6j\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Mitigation\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/rust-lang/wg-security-response/tree/main/patches/CVE-2022-46176\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/11/05/6\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/11/06/5\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/rust-lang/cargo/security/advisories/GHSA-r5w3-xm58-jv6j\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/rust-lang/wg-security-response/tree/main/patches/CVE-2022-46176\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/rust-lang/cargo/security/advisories/GHSA-r5w3-xm58-jv6j\", \"name\": \"https://github.com/rust-lang/cargo/security/advisories/GHSA-r5w3-xm58-jv6j\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://github.com/rust-lang/wg-security-response/tree/main/patches/CVE-2022-46176\", \"name\": \"https://github.com/rust-lang/wg-security-response/tree/main/patches/CVE-2022-46176\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/11/05/6\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/11/06/5\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T14:24:03.428Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-46176\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-03-10T21:00:13.565262Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-03-10T21:00:14.996Z\"}}], \"cna\": {\"title\": \"Cargo did not verify SSH host keys\", \"source\": {\"advisory\": \"GHSA-r5w3-xm58-jv6j\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"rust-lang\", \"product\": \"cargo\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c= 0.67.0\"}]}], \"references\": [{\"url\": \"https://github.com/rust-lang/cargo/security/advisories/GHSA-r5w3-xm58-jv6j\", \"name\": \"https://github.com/rust-lang/cargo/security/advisories/GHSA-r5w3-xm58-jv6j\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/rust-lang/wg-security-response/tree/main/patches/CVE-2022-46176\", \"name\": \"https://github.com/rust-lang/wg-security-response/tree/main/patches/CVE-2022-46176\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/11/05/6\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/11/06/5\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Cargo is a Rust package manager. The Rust Security Response WG was notified that Cargo did not perform SSH host key verification when cloning indexes and dependencies via SSH. An attacker could exploit this to perform man-in-the-middle (MITM) attacks. This vulnerability has been assigned CVE-2022-46176. All Rust versions containing Cargo before 1.66.1 are vulnerable. Note that even if you don\u0027t explicitly use SSH for alternate registry indexes or crate dependencies, you might be affected by this vulnerability if you have configured git to replace HTTPS connections to GitHub with SSH (through git\u0027s [`url.\u003cbase\u003e.insteadOf`][1] setting), as that\u0027d cause you to clone the crates.io index through SSH. Rust 1.66.1 will ensure Cargo checks the SSH host key and abort the connection if the server\u0027s public key is not already trusted. We recommend everyone to upgrade as soon as possible.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-347\", \"description\": \"CWE-347: Improper Verification of Cryptographic Signature\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2023-11-07T00:06:30.987Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2022-46176\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-03-10T21:30:29.733Z\", \"dateReserved\": \"2022-11-28T17:27:19.999Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2023-01-11T20:07:12.847Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.