CVE-2022-0860
Aliases: GHSA-mcg6-h362-cmq5, PYSEC-2022-177
Advisory lineage Upstream: 0 Downstream: 6
Modified
Published: 11 Mar 2022, 12:50
Last modified: 02 Aug 2024, 23:40
Vulnerability Summary
Overall Risk (default): high (70/100)
CVSS Score: 9.1 CRITICAL (v3.1, NVD)
EPSS Score: 0.74% (LOW)
KEV: Not listed
Ransomware: No reports
Public exploits: 1 found
Dark Web: Not detected
Timeline
- 11 Mar 2022, 12:50: Published (vulnerability first disclosed)
- 02 Aug 2024, 23:40: Last modified (vulnerability information updated)
Description
Improper Authorization in GitHub repository cobbler/cobbler prior to 3.3.2.
CVSS Metrics
- v4.0 • HIGH • Score: 8.8 • CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
- v3.1 • CRITICAL • Score: 9.1 • CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
- v3.0 • HIGH • Score: 8.2 • CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
- v2.0 • MEDIUM • Score: 6.4 • AV:N/AC:L/Au:N/C:P/I:P/A:N
EPSS Trends
Current EPSS score: 0.74% • Percentile: 73%
Techniques & Countermeasures
- CWE-863 • Incorrect Authorization
  The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.
- CWE-285 • Improper Authorization
  The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
Affected Systems
- cobbler_project • cobbler: < 3.3.2
- cobbler • cobbler/cobbler: ≥ unspecified, < 3.3.2
- fedoraproject • fedora: 34 | 35 | 36
- PyPI • cobbler: < 9044aa990a94752fa5bd5a24051adde099280bfa | < 3.3.2
References (16)
- https://huntr.dev/bounties/c458b868-63df-414e-af10-47e3745caa1d
- https://github.com/cobbler/cobbler/commit/9044aa990a94752fa5bd5a24051adde099280bfa
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DYWYHWVVRUSPCV5SWBOSAMQJQLTSBTKY/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D4KCNZYBQC2FM5SEEDRQZO4LRZ4ZECMG/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IYSHMF6MEIITFAG7EJ3IQKVUN7MDV2XM/
- https://github.com/cobbler/cobbler/security/advisories/GHSA-mcg6-h362-cmq5
- https://nvd.nist.gov/vuln/detail/CVE-2022-0860
- https://github.com/advisories/GHSA-mcg6-h362-cmq5
- https://github.com/cobbler/cobbler
- https://github.com/pypa/advisory-database/tree/main/vulns/cobbler/PYSEC-2022-177.yaml
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D4KCNZYBQC2FM5SEEDRQZO4LRZ4ZECMG
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DYWYHWVVRUSPCV5SWBOSAMQJQLTSBTKY
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IYSHMF6MEIITFAG7EJ3IQKVUN7MDV2XM
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DYWYHWVVRUSPCV5SWBOSAMQJQLTSBTKY/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IYSHMF6MEIITFAG7EJ3IQKVUN7MDV2XM/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D4KCNZYBQC2FM5SEEDRQZO4LRZ4ZECMG/