csaf_certbund - wid-sec-w-2022-0416

WID-SEC-W-2022-0416

Vulnerability from csaf_certbund - Published: 2022-02-01 23:00 - Updated: 2025-03-18 23:00

Summary

PostgreSQL JDBC Treiber: Schwachstelle ermöglicht Codeausführung

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

PostgreSQL ist eine frei verfügbare Datenbank für unterschiedliche Betriebssysteme.

Angriff

Ein entfernter, authentisierter Angreifer kann eine Schwachstelle im PostgreSQL JDBC Treiber ausnutzen, um beliebigen Programmcode auszuführen.

Betroffene Betriebssysteme

- Linux - Sonstiges - UNIX - Windows

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "PostgreSQL ist eine frei verf\u00fcgbare Datenbank f\u00fcr unterschiedliche Betriebssysteme.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, authentisierter Angreifer kann eine Schwachstelle im PostgreSQL JDBC Treiber ausnutzen, um beliebigen Programmcode auszuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2022-0416 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-0416.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2022-0416 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0416"
      },
      {
        "category": "external",
        "summary": "Github Security Advisory vom 2022-02-01",
        "url": "https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-v7wg-cpwc-24m4"
      },
      {
        "category": "external",
        "summary": "Job Scheduler Vulnerability Release vom 2022-02-02",
        "url": "https://kb.sos-berlin.com/display/PKB/Vulnerability+Release+2.2.2"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DLA-3018 vom 2022-05-21",
        "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00027.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2022:2145-1 vom 2022-06-21",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-June/011317.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2022:2143-1 vom 2022-06-21",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-June/011318.html"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-5196 vom 2022-07-31",
        "url": "https://lists.debian.org/debian-security-announce/2022/msg00165.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:6835 vom 2022-10-06",
        "url": "https://access.redhat.com/errata/RHSA-2022:6835"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7085890 vom 2023-11-29",
        "url": "https://www.ibm.com/support/pages/node/7085890"
      },
      {
        "category": "external",
        "summary": "Dell Security Advisory DSA-2023-409 vom 2023-12-23",
        "url": "https://www.dell.com/support/kbdoc/000220669/dsa-2023-="
      },
      {
        "category": "external",
        "summary": "Atlassian Security Bulletin",
        "url": "https://confluence.atlassian.com/security/security-bulletin-march-18-2025-1527943363.html"
      }
    ],
    "source_lang": "en-US",
    "title": "PostgreSQL JDBC Treiber: Schwachstelle erm\u00f6glicht Codeausf\u00fchrung",
    "tracking": {
      "current_release_date": "2025-03-18T23:00:00.000+00:00",
      "generator": {
        "date": "2025-03-19T12:11:14.669+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.12"
        }
      },
      "id": "WID-SEC-W-2022-0416",
      "initial_release_date": "2022-02-01T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2022-02-01T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2022-02-03T23:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von SOS GmbH aufgenommen; Anpassung Produkte"
        },
        {
          "date": "2022-04-06T22:00:00.000+00:00",
          "number": "3",
          "summary": "Referenz(en) aufgenommen: FEDORA-2022-1151F65E9A"
        },
        {
          "date": "2022-05-22T22:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2022-06-20T22:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2022-07-31T22:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2022-10-06T22:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2023-11-29T23:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2023-12-26T23:00:00.000+00:00",
          "number": "9",
          "summary": "Neue Updates von Dell aufgenommen"
        },
        {
          "date": "2025-03-18T23:00:00.000+00:00",
          "number": "10",
          "summary": "Neue Updates von Atlassian aufgenommen"
        }
      ],
      "status": "final",
      "version": "10"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c9.5.2",
                "product": {
                  "name": "Atlassian Bitbucket \u003c9.5.2",
                  "product_id": "T041970"
                }
              },
              {
                "category": "product_version",
                "name": "9.5.2",
                "product": {
                  "name": "Atlassian Bitbucket 9.5.2",
                  "product_id": "T041970-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:bitbucket:9.5.2"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c9.4.4",
                "product": {
                  "name": "Atlassian Bitbucket \u003c9.4.4",
                  "product_id": "T041971"
                }
              },
              {
                "category": "product_version",
                "name": "9.4.4",
                "product": {
                  "name": "Atlassian Bitbucket 9.4.4",
                  "product_id": "T041971-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:bitbucket:9.4.4"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c8.19.16",
                "product": {
                  "name": "Atlassian Bitbucket \u003c8.19.16",
                  "product_id": "T041972"
                }
              },
              {
                "category": "product_version",
                "name": "8.19.16",
                "product": {
                  "name": "Atlassian Bitbucket 8.19.16",
                  "product_id": "T041972-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:bitbucket:8.19.16"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c8.9.26",
                "product": {
                  "name": "Atlassian Bitbucket \u003c8.9.26",
                  "product_id": "T041973"
                }
              },
              {
                "category": "product_version",
                "name": "8.9.26",
                "product": {
                  "name": "Atlassian Bitbucket 8.9.26",
                  "product_id": "T041973-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:bitbucket:8.9.26"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Bitbucket"
          }
        ],
        "category": "vendor",
        "name": "Atlassian"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Debian Linux",
            "product": {
              "name": "Debian Linux",
              "product_id": "2951",
              "product_identification_helper": {
                "cpe": "cpe:/o:debian:debian_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Debian"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "JDBC Driver \u003c42.2.25",
                "product": {
                  "name": "Open Source PostgreSQL JDBC Driver \u003c42.2.25",
                  "product_id": "T021946"
                }
              },
              {
                "category": "product_version",
                "name": "JDBC Driver 42.2.25",
                "product": {
                  "name": "Open Source PostgreSQL JDBC Driver 42.2.25",
                  "product_id": "T021946-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:postgresql:postgresql:42.2.25::jdbc_driver"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "JDBC Driver \u003c42.3.2",
                "product": {
                  "name": "Open Source PostgreSQL JDBC Driver \u003c42.3.2",
                  "product_id": "T021947"
                }
              },
              {
                "category": "product_version",
                "name": "JDBC Driver 42.3.2",
                "product": {
                  "name": "Open Source PostgreSQL JDBC Driver 42.3.2",
                  "product_id": "T021947-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:postgresql:postgresql:42.3.2::jdbc_driver"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "PostgreSQL"
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SOS GmbH JobScheduler",
            "product": {
              "name": "SOS GmbH JobScheduler",
              "product_id": "T021263",
              "product_identification_helper": {
                "cpe": "cpe:/a:sos_gmbh:jobscheduler:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SOS GmbH"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-21724",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T021947",
          "T021946",
          "T041973",
          "T041972",
          "T041971",
          "T041970",
          "T021263"
        ]
      },
      "release_date": "2022-02-01T23:00:00.000+00:00",
      "title": "CVE-2022-21724"
    }
  ]
}

CVE-2022-21724 (GCVE-0-2022-21724)

Vulnerability from cvelistv5 – Published: 2022-02-02 11:48 – Updated: 2025-05-05 16:33

Summary

pgjdbc is the offical PostgreSQL JDBC Driver. A security hole was found in the jdbc driver for postgresql database while doing security research. The system using the postgresql library will be attacked when attacker control the jdbc url or properties. pgjdbc instantiates plugin instances based on class names provided via `authenticationPluginClassName`, `sslhostnameverifier`, `socketFactory`, `sslfactory`, `sslpasswordcallback` connection properties. However, the driver did not verify if the class implements the expected interface before instantiating the class. This can lead to code execution loaded via arbitrary classes. Users using plugins are advised to upgrade. There are no known workarounds for this issue.

Severity ?

7 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

Assigner

GitHub_M

References

URL

Tags

	https://github.com/pgjdbc/pgjdbc/security/advisor…	x_refsource_CONFIRM
	https://github.com/pgjdbc/pgjdbc/commit/f4d0ed69c…	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-2022031…	x_refsource_CONFIRM
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
	https://lists.debian.org/debian-lts-announce/2022…	mailing-listx_refsource_MLIST
	https://www.debian.org/security/2022/dsa-5196	vendor-advisoryx_refsource_DEBIAN

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T02:53:35.324Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-v7wg-cpwc-24m4"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/pgjdbc/pgjdbc/commit/f4d0ed69c0b3aae8531d83d6af4c57f22312c813"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220311-0005/"
          },
          {
            "name": "FEDORA-2022-1151f65e9a",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BVEO7BEFXPBVHSPYL3YKQWZI6DYXQLFS/"
          },
          {
            "name": "[debian-lts-announce] 20220520 [SECURITY] [DLA 3018-1] libpgjava security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00027.html"
          },
          {
            "name": "DSA-5196",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5196"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-21724",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-25T15:45:52.558015Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-665",
                "description": "CWE-665 Improper Initialization",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-05T16:33:21.079Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "pgjdbc is the offical PostgreSQL JDBC Driver. A security hole was found in the jdbc driver for postgresql database while doing security research. The system using the postgresql library will be attacked when attacker control the jdbc url or properties. pgjdbc instantiates plugin instances based on class names provided via `authenticationPluginClassName`, `sslhostnameverifier`, `socketFactory`, `sslfactory`, `sslpasswordcallback` connection properties. However, the driver did not verify if the class implements the expected interface before instantiating the class. This can lead to code execution loaded via arbitrary classes. Users using plugins are advised to upgrade. There are no known workarounds for this issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-31T19:06:26.000Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-v7wg-cpwc-24m4"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/pgjdbc/pgjdbc/commit/f4d0ed69c0b3aae8531d83d6af4c57f22312c813"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20220311-0005/"
        },
        {
          "name": "FEDORA-2022-1151f65e9a",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BVEO7BEFXPBVHSPYL3YKQWZI6DYXQLFS/"
        },
        {
          "name": "[debian-lts-announce] 20220520 [SECURITY] [DLA 3018-1] libpgjava security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00027.html"
        },
        {
          "name": "DSA-5196",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5196"
        }
      ],
      "source": {
        "advisory": "GHSA-v7wg-cpwc-24m4",
        "discovery": "UNKNOWN"
      },
      "title": "Unchecked Class Instantiation when providing Plugin Classes",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2022-21724",
          "STATE": "PUBLIC",
          "TITLE": "Unchecked Class Instantiation when providing Plugin Classes"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "pgjdbc is the offical PostgreSQL JDBC Driver. A security hole was found in the jdbc driver for postgresql database while doing security research. The system using the postgresql library will be attacked when attacker control the jdbc url or properties. pgjdbc instantiates plugin instances based on class names provided via `authenticationPluginClassName`, `sslhostnameverifier`, `socketFactory`, `sslfactory`, `sslpasswordcallback` connection properties. However, the driver did not verify if the class implements the expected interface before instantiating the class. This can lead to code execution loaded via arbitrary classes. Users using plugins are advised to upgrade. There are no known workarounds for this issue."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-v7wg-cpwc-24m4",
              "refsource": "CONFIRM",
              "url": "https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-v7wg-cpwc-24m4"
            },
            {
              "name": "https://github.com/pgjdbc/pgjdbc/commit/f4d0ed69c0b3aae8531d83d6af4c57f22312c813",
              "refsource": "MISC",
              "url": "https://github.com/pgjdbc/pgjdbc/commit/f4d0ed69c0b3aae8531d83d6af4c57f22312c813"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20220311-0005/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20220311-0005/"
            },
            {
              "name": "FEDORA-2022-1151f65e9a",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BVEO7BEFXPBVHSPYL3YKQWZI6DYXQLFS/"
            },
            {
              "name": "[debian-lts-announce] 20220520 [SECURITY] [DLA 3018-1] libpgjava security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00027.html"
            },
            {
              "name": "DSA-5196",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2022/dsa-5196"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-v7wg-cpwc-24m4",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2022-21724",
    "datePublished": "2022-02-02T11:48:52.000Z",
    "dateReserved": "2021-11-16T00:00:00.000Z",
    "dateUpdated": "2025-05-05T16:33:21.079Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

WID-SEC-W-2022-0416

CVE-2022-21724 (GCVE-0-2022-21724)

Tags

Sightings

Nomenclature