CVE-2022-1224 - OpenCVE

Improper Authorization in GitHub repository phpipam/phpipam prior to 1.4.6.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:S/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Phpipam	Phpipam

Configuration 1 [-]

cpe:2.3:a:phpipam:phpipam:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/phpipam/phpipam/commit/f6a49fd9f93b7d7e0a4fbf1d35338502eed35953
https://huntr.dev/bounties/cd9e1508-5682-427e-a921-14b4f520b85a

History

No history.

MITRE

Status: PUBLISHED

Assigner: @huntrdev

Published: 2022-04-04T10:45:15

Updated: 2024-08-02T23:55:24.593Z

Reserved: 2022-04-04T00:00:00

Link: CVE-2022-1224

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-04-04T11:15:08.067

Modified: 2022-04-11T16:42:06.027

Link: CVE-2022-1224

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "phpipam/phpipam", "vendor": "phpipam", "versions": [{"lessThan": "1.4.6", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "Improper Authorization in GitHub repository phpipam/phpipam prior to 1.4.6."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-285", "description": "CWE-285 Improper Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-04-04T10:45:15", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://huntr.dev/bounties/cd9e1508-5682-427e-a921-14b4f520b85a"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/phpipam/phpipam/commit/f6a49fd9f93b7d7e0a4fbf1d35338502eed35953"}], "source": {"advisory": "cd9e1508-5682-427e-a921-14b4f520b85a", "discovery": "EXTERNAL"}, "title": "Improper Authorization in phpipam/phpipam", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@huntr.dev", "ID": "CVE-2022-1224", "STATE": "PUBLIC", "TITLE": "Improper Authorization in phpipam/phpipam"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "phpipam/phpipam", "version": {"version_data": [{"version_affected": "<", "version_value": "1.4.6"}]}}]}, "vendor_name": "phpipam"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Improper Authorization in GitHub repository phpipam/phpipam prior to 1.4.6."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-285 Improper Authorization"}]}]}, "references": {"reference_data": [{"name": "https://huntr.dev/bounties/cd9e1508-5682-427e-a921-14b4f520b85a", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/cd9e1508-5682-427e-a921-14b4f520b85a"}, {"name": "https://github.com/phpipam/phpipam/commit/f6a49fd9f93b7d7e0a4fbf1d35338502eed35953", "refsource": "MISC", "url": "https://github.com/phpipam/phpipam/commit/f6a49fd9f93b7d7e0a4fbf1d35338502eed35953"}]}, "source": {"advisory": "cd9e1508-5682-427e-a921-14b4f520b85a", "discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:55:24.593Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://huntr.dev/bounties/cd9e1508-5682-427e-a921-14b4f520b85a"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/phpipam/phpipam/commit/f6a49fd9f93b7d7e0a4fbf1d35338502eed35953"}]}]}, "cveMetadata": {"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-1224", "datePublished": "2022-04-04T10:45:15", "dateReserved": "2022-04-04T00:00:00", "dateUpdated": "2024-08-02T23:55:24.593Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:phpipam:phpipam:*:*:*:*:*:*:*:*", "matchCriteriaId": "18904167-103A-48E2-A8A6-075986A292B9", "versionEndExcluding": "1.4.6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Authorization in GitHub repository phpipam/phpipam prior to 1.4.6."}, {"lang": "es", "value": "Una Autorizaci\u00f3n Inapropiada en el repositorio de GitHub phpipam/phpipam versiones anteriores a 1.4.6"}], "id": "CVE-2022-1224", "lastModified": "2022-04-11T16:42:06.027", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "security@huntr.dev", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-04-04T11:15:08.067", "references": [{"source": "security@huntr.dev", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/phpipam/phpipam/commit/f6a49fd9f93b7d7e0a4fbf1d35338502eed35953"}, {"source": "security@huntr.dev", "tags": ["Exploit", "Third Party Advisory"], "url": "https://huntr.dev/bounties/cd9e1508-5682-427e-a921-14b4f520b85a"}], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-863"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-285"}], "source": "security@huntr.dev", "type": "Secondary"}]}