CVE-2022-2732 - Vulnerability Details - OpenCVE

Missing Authorization in GitHub repository openemr/openemr prior to 7.0.0.1.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation poc

Automatable no

Technical Impact total

Vendors	Products
Open-emr	Openemr

Configuration 1 [-]

cpe:2.3:a:open-emr:openemr:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/openemr/openemr/commit/2973592bc7b1f4996738a6fd27d1e277e33676b6
https://huntr.dev/bounties/8773e0d1-5f1a-4e87-8998-f5ec45f6d533

History

Wed, 20 Nov 2024 17:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: @huntrdev

Published: 2022-08-09T12:06:13

Updated: 2024-11-20T16:18:21.615Z

Reserved: 2022-08-09T00:00:00

Link: CVE-2022-2732

Vulnrichment

Updated: 2024-08-03T00:46:04.006Z

NVD

Status : Modified

Published: 2022-08-09T12:15:08.357

Modified: 2024-11-21T07:01:36.087

Link: CVE-2022-2732

Redhat

No data.

{"containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "openemr/openemr", "vendor": "openemr", "versions": [{"lessThan": "7.0.0.1", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Missing Authorization in GitHub repository openemr/openemr prior to 7.0.0.1.</p>"}], "value": "Missing Authorization in GitHub repository openemr/openemr prior to 7.0.0.1.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "description": "CWE-862 Missing Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev", "dateUpdated": "2023-08-02T08:56:50.974Z"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/openemr/openemr/commit/2973592bc7b1f4996738a6fd27d1e277e33676b6"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://huntr.dev/bounties/8773e0d1-5f1a-4e87-8998-f5ec45f6d533"}], "source": {"advisory": "8773e0d1-5f1a-4e87-8998-f5ec45f6d533", "discovery": "EXTERNAL"}, "title": "Missing Authorization in openemr/openemr", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@huntr.dev", "ID": "CVE-2022-2732", "STATE": "PUBLIC", "TITLE": "Improper Privilege Management in openemr/openemr"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "openemr/openemr", "version": {"version_data": [{"version_affected": "<", "version_value": "7.0.0.1"}]}}]}, "vendor_name": "openemr"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Improper Privilege Management in GitHub repository openemr/openemr prior to 7.0.0.1."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-269 Improper Privilege Management"}]}]}, "references": {"reference_data": [{"name": "https://github.com/openemr/openemr/commit/2973592bc7b1f4996738a6fd27d1e277e33676b6", "refsource": "MISC", "url": "https://github.com/openemr/openemr/commit/2973592bc7b1f4996738a6fd27d1e277e33676b6"}, {"name": "https://huntr.dev/bounties/8773e0d1-5f1a-4e87-8998-f5ec45f6d533", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/8773e0d1-5f1a-4e87-8998-f5ec45f6d533"}]}, "source": {"advisory": "8773e0d1-5f1a-4e87-8998-f5ec45f6d533", "discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T00:46:04.006Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/openemr/openemr/commit/2973592bc7b1f4996738a6fd27d1e277e33676b6"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://huntr.dev/bounties/8773e0d1-5f1a-4e87-8998-f5ec45f6d533"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-02-08T18:06:06.542277Z", "id": "CVE-2022-2732", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-20T16:18:21.615Z"}}]}, "cveMetadata": {"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-2732", "datePublished": "2022-08-09T12:06:13", "dateReserved": "2022-08-09T00:00:00", "dateUpdated": "2024-11-20T16:18:21.615Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/openemr/openemr/commit/2973592bc7b1f4996738a6fd27d1e277e33676b6", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://huntr.dev/bounties/8773e0d1-5f1a-4e87-8998-f5ec45f6d533", "tags": ["x_refsource_CONFIRM", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T00:46:04.006Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-2732", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-02-08T18:06:06.542277Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-20T16:18:06.341Z"}}], "cna": {"title": "Missing Authorization in openemr/openemr", "source": {"advisory": "8773e0d1-5f1a-4e87-8998-f5ec45f6d533", "discovery": "EXTERNAL"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "openemr", "product": "openemr/openemr", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "7.0.0.1", "versionType": "custom"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://github.com/openemr/openemr/commit/2973592bc7b1f4996738a6fd27d1e277e33676b6", "tags": ["x_refsource_MISC"]}, {"url": "https://huntr.dev/bounties/8773e0d1-5f1a-4e87-8998-f5ec45f6d533", "tags": ["x_refsource_CONFIRM"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Missing Authorization in GitHub repository openemr/openemr prior to 7.0.0.1.\n\n", "supportingMedia": [{"type": "text/html", "value": "<p>Missing Authorization in GitHub repository openemr/openemr prior to 7.0.0.1.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev", "dateUpdated": "2023-08-02T08:56:50.974Z"}, "x_legacyV4Record": {"impact": {"cvss": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, "source": {"advisory": "8773e0d1-5f1a-4e87-8998-f5ec45f6d533", "discovery": "EXTERNAL"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "7.0.0.1", "version_affected": "<"}]}, "product_name": "openemr/openemr"}]}, "vendor_name": "openemr"}]}}, "data_type": "CVE", "references": {"reference_data": [{"url": "https://github.com/openemr/openemr/commit/2973592bc7b1f4996738a6fd27d1e277e33676b6", "name": "https://github.com/openemr/openemr/commit/2973592bc7b1f4996738a6fd27d1e277e33676b6", "refsource": "MISC"}, {"url": "https://huntr.dev/bounties/8773e0d1-5f1a-4e87-8998-f5ec45f6d533", "name": "https://huntr.dev/bounties/8773e0d1-5f1a-4e87-8998-f5ec45f6d533", "refsource": "CONFIRM"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "Improper Privilege Management in GitHub repository openemr/openemr prior to 7.0.0.1."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-269 Improper Privilege Management"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2022-2732", "STATE": "PUBLIC", "TITLE": "Improper Privilege Management in openemr/openemr", "ASSIGNER": "security@huntr.dev"}}}}, "cveMetadata": {"cveId": "CVE-2022-2732", "state": "PUBLISHED", "dateUpdated": "2024-11-20T16:18:21.615Z", "dateReserved": "2022-08-09T00:00:00", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "datePublished": "2022-08-09T12:06:13", "assignerShortName": "@huntrdev"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:open-emr:openemr:*:*:*:*:*:*:*:*", "matchCriteriaId": "5BE76D51-2D38-44E8-9ED0-630F49F42168", "versionEndExcluding": "7.0.0.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Missing Authorization in GitHub repository openemr/openemr prior to 7.0.0.1.\n\n"}, {"lang": "es", "value": "Una Administraci\u00f3n inapropiada de Privilegios en el repositorio de GitHub openemr/openemr versiones anteriores a 7.0.0.1"}], "id": "CVE-2022-2732", "lastModified": "2024-11-21T07:01:36.087", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.5, "source": "security@huntr.dev", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.5, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-08-09T12:15:08.357", "references": [{"source": "security@huntr.dev", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/openemr/openemr/commit/2973592bc7b1f4996738a6fd27d1e277e33676b6"}, {"source": "security@huntr.dev", "tags": ["Exploit", "Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://huntr.dev/bounties/8773e0d1-5f1a-4e87-8998-f5ec45f6d533"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/openemr/openemr/commit/2973592bc7b1f4996738a6fd27d1e277e33676b6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://huntr.dev/bounties/8773e0d1-5f1a-4e87-8998-f5ec45f6d533"}], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "security@huntr.dev", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-862"}], "source": "nvd@nist.gov", "type": "Secondary"}]}