gsd-2022-1996
Vulnerability from gsd
Modified
2023-12-13 01:19
Details
Authorization Bypass Through User-Controlled Key in GitHub repository emicklei/go-restful prior to v3.8.0.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2022-1996",
"description": "Authorization Bypass Through User-Controlled Key in GitHub repository emicklei/go-restful prior to v3.8.0.",
"id": "GSD-2022-1996",
"references": [
"https://www.suse.com/security/cve/CVE-2022-1996.html",
"https://access.redhat.com/errata/RHSA-2022:6040",
"https://access.redhat.com/errata/RHSA-2022:6042",
"https://alas.aws.amazon.com/cve/html/CVE-2022-1996.html",
"https://access.redhat.com/errata/RHSA-2022:6351",
"https://access.redhat.com/errata/RHSA-2022:8609",
"https://access.redhat.com/errata/RHSA-2023:0814"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2022-1996"
],
"details": "Authorization Bypass Through User-Controlled Key in GitHub repository emicklei/go-restful prior to v3.8.0.",
"id": "GSD-2022-1996",
"modified": "2023-12-13T01:19:28.595722Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1996",
"STATE": "PUBLIC",
"TITLE": "Authorization Bypass Through User-Controlled Key in emicklei/go-restful"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "emicklei/go-restful",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "v3.8.0"
}
]
}
}
]
},
"vendor_name": "emicklei"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Authorization Bypass Through User-Controlled Key in GitHub repository emicklei/go-restful prior to v3.8.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-639 Authorization Bypass Through User-Controlled Key"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/be837427-415c-4d8c-808b-62ce20aa84f1",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/be837427-415c-4d8c-808b-62ce20aa84f1"
},
{
"name": "https://github.com/emicklei/go-restful/commit/fd3c327a379ce08c68ef18765bdc925f5d9bad10",
"refsource": "MISC",
"url": "https://github.com/emicklei/go-restful/commit/fd3c327a379ce08c68ef18765bdc925f5d9bad10"
},
{
"name": "FEDORA-2022-185697ef56",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OBDD3Q23RCGAGHIXUCWBU6N3S4RNAKXB/"
},
{
"name": "FEDORA-2022-589a0ad690",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/575BLJ3Y2EQBRNTFR2OSQQ6L2W6UCST3/"
},
{
"name": "FEDORA-2022-fae3ecee19",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR/"
},
{
"name": "FEDORA-2022-ba365d3703",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5/"
},
{
"name": "FEDORA-2022-30c5ed5625",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20220923-0005/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20220923-0005/"
},
{
"name": "FEDORA-2023-6550d9323b",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W56PP46JVZEKCANBKXFKRVSBBRRMCY6V/"
},
{
"name": "FEDORA-2023-4e2068ba5d",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZGQKWD6SE75PFBPFVSZYAKAVXKBZXKWS/"
},
{
"name": "FEDORA-2023-c9b2182a4e",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SO5QC2JFW2PXBWAE27OYYYL5SPFUBHTY/"
}
]
},
"source": {
"advisory": "be837427-415c-4d8c-808b-62ce20aa84f1",
"discovery": "EXTERNAL"
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003cv2.16.0 || \u003e=v3.0.0 \u003cv3.8.0",
"affected_versions": "All versions before 2.16.0, all versions starting from 3.0.0 before 3.8.0",
"cvss_v2": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-639",
"CWE-937"
],
"date": "2023-02-23",
"description": "Authorization Bypass Through User-Controlled Key in GitHub repository emicklei/go-restful prior to v3.8.0.",
"fixed_versions": [
"v2.16.0",
"v3.8.0"
],
"identifier": "CVE-2022-1996",
"identifiers": [
"CVE-2022-1996",
"GHSA-r48q-9g5r-8q2h"
],
"not_impacted": "",
"package_slug": "go/github.com/emicklei/go-restful",
"pubdate": "2022-06-08",
"solution": "Upgrade to versions 2.16.0, 3.8.0 or above.",
"title": "Authorization Bypass Through User-Controlled Key in go-restful",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2022-1996",
"https://github.com/emicklei/go-restful/commit/fd3c327a379ce08c68ef18765bdc925f5d9bad10",
"https://huntr.dev/bounties/be837427-415c-4d8c-808b-62ce20aa84f1",
"https://github.com/emicklei/go-restful/issues/489",
"https://github.com/advisories/GHSA-r48q-9g5r-8q2h"
],
"uuid": "5b334f94-b462-4a82-a6d7-0a33dbf75a52",
"versions": [
{
"commit": {
"sha": "8ed6b2ad87c8242589da4e1aa62ca62a130bdb39",
"tags": [
"v3.0.0"
],
"timestamp": "20200112161832"
},
"number": "v3.0.0"
},
{
"commit": {
"sha": "3382802bdf11d941f12ad48e4cfe36f09a7dd423",
"tags": [
"v3.8.0"
],
"timestamp": "20220606055442"
},
"number": "v3.8.0"
},
{
"commit": {
"sha": "eed2f02e675e29756d5616fc6ff8018ed1d3480f",
"tags": [
"v2.16.0"
],
"timestamp": "20220711191456"
},
"number": "v2.16.0"
}
]
},
{
"affected_range": "\u003cv2.16.0||\u003e=v3.0.0 \u003cv3.8.0",
"affected_versions": "All versions before v2.16.0, all versions starting from v3.0.0 before v3.8.0",
"cwe_ids": [
"CWE-1035",
"CWE-937",
"CWE-639"
],
"date": "2022-07-21",
"description": "Authorization Bypass Through User-Controlled Key in GitHub repository emicklei/go-restful",
"fixed_versions": [
"v2.16.0",
"v3.8.0"
],
"identifier": "CVE-2022-1996",
"identifiers": [
"GHSA-r48q-9g5r-8q2h",
"CVE-2022-1996"
],
"not_impacted": "All versions starting from v2.16.0 before v3.0.0, all versions starting from v3.8.0",
"package_slug": "go/github.com/emicklei/go-restful/v2",
"pubdate": "2022-06-09",
"solution": "Upgrade to versions 2.16.0, 3.8.0 or above.",
"title": "Authorization Bypass Through User-Controlled Key in go-restful",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2022-1996",
"https://github.com/emicklei/go-restful/commit/fd3c327a379ce08c68ef18765bdc925f5d9bad10",
"https://huntr.dev/bounties/be837427-415c-4d8c-808b-62ce20aa84f1",
"https://github.com/emicklei/go-restful/issues/489",
"https://github.com/advisories/GHSA-r48q-9g5r-8q2h"
],
"uuid": "34f7f7fe-7ded-4b51-ba08-2b33cfc994b1",
"versions": [
{
"commit": {
"sha": "8ed6b2ad87c8242589da4e1aa62ca62a130bdb39",
"tags": [
"v3.0.0"
],
"timestamp": "20200112161832"
},
"number": "v3.0.0"
},
{
"commit": {
"sha": "3382802bdf11d941f12ad48e4cfe36f09a7dd423",
"tags": [
"v3.8.0"
],
"timestamp": "20220606055442"
},
"number": "v3.8.0"
},
{
"commit": {
"sha": "ac666c045e035603f2704c98c59e979fccbfa94f",
"tags": [
"v2.16.0"
],
"timestamp": "20220711191456"
},
"number": "v2.16.0"
}
]
},
{
"affected_range": "\u003cv3.8.0",
"affected_versions": "All versions before 3.8.0",
"cwe_ids": [
"CWE-1035",
"CWE-937",
"CWE-639"
],
"date": "2022-06-09",
"description": "Authorization Bypass Through User-Controlled Key in GitHub repository emicklei/go-restful prior to v3.8.0.",
"fixed_versions": [
"v3.8.0"
],
"identifier": "CVE-2022-1996",
"identifiers": [
"GHSA-r48q-9g5r-8q2h",
"CVE-2022-1996"
],
"not_impacted": "All versions starting from 3.8.0",
"package_slug": "go/github.com/emicklei/go-restful/v3",
"pubdate": "2022-06-09",
"solution": "Upgrade to version 3.8.0 or above.",
"title": "Authorization Bypass Through User-Controlled Key in go-restful",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2022-1996",
"https://github.com/emicklei/go-restful/commit/fd3c327a379ce08c68ef18765bdc925f5d9bad10",
"https://huntr.dev/bounties/be837427-415c-4d8c-808b-62ce20aa84f1",
"https://github.com/emicklei/go-restful/issues/489",
"https://github.com/advisories/GHSA-r48q-9g5r-8q2h"
],
"uuid": "581a2d21-bf18-4826-913a-6e7e9f7f67ab",
"versions": [
{
"commit": {
"sha": "3382802bdf11d941f12ad48e4cfe36f09a7dd423",
"tags": [
"v3.8.0"
],
"timestamp": "20220606055442"
},
"number": "v3.8.0"
}
]
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:go-restful_project:go-restful:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.8.0",
"versionStartIncluding": "3.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:go-restful_project:go-restful:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1996"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Authorization Bypass Through User-Controlled Key in GitHub repository emicklei/go-restful prior to v3.8.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-639"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/be837427-415c-4d8c-808b-62ce20aa84f1",
"refsource": "CONFIRM",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/be837427-415c-4d8c-808b-62ce20aa84f1"
},
{
"name": "https://github.com/emicklei/go-restful/commit/fd3c327a379ce08c68ef18765bdc925f5d9bad10",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/emicklei/go-restful/commit/fd3c327a379ce08c68ef18765bdc925f5d9bad10"
},
{
"name": "FEDORA-2022-185697ef56",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OBDD3Q23RCGAGHIXUCWBU6N3S4RNAKXB/"
},
{
"name": "FEDORA-2022-589a0ad690",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/575BLJ3Y2EQBRNTFR2OSQQ6L2W6UCST3/"
},
{
"name": "FEDORA-2022-fae3ecee19",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR/"
},
{
"name": "FEDORA-2022-ba365d3703",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5/"
},
{
"name": "FEDORA-2022-30c5ed5625",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20220923-0005/",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20220923-0005/"
},
{
"name": "FEDORA-2023-4e2068ba5d",
"refsource": "FEDORA",
"tags": [],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZGQKWD6SE75PFBPFVSZYAKAVXKBZXKWS/"
},
{
"name": "FEDORA-2023-6550d9323b",
"refsource": "FEDORA",
"tags": [],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W56PP46JVZEKCANBKXFKRVSBBRRMCY6V/"
},
{
"name": "FEDORA-2023-c9b2182a4e",
"refsource": "FEDORA",
"tags": [],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SO5QC2JFW2PXBWAE27OYYYL5SPFUBHTY/"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
}
},
"lastModifiedDate": "2023-02-23T04:15Z",
"publishedDate": "2022-06-08T13:15Z"
}
}
}
Loading...
Loading...
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.