CVE-2022-2965 - OpenCVE

Improper Restriction of Rendered UI Layers or Frames in GitHub repository notrinos/notrinoserp prior to 0.7.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

Attack Vector Network

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Notrinos	Notrinoserp

Configuration 1 [-]

cpe:2.3:a:notrinos:notrinoserp:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/notrinos/notrinoserp/commit/c2ff3d8e85a811003b796ca38f5b3290deeaa3aa
https://huntr.dev/bounties/61e3bdf7-3548-45ea-b105-967abc0977f4

History

No history.

MITRE

Status: PUBLISHED

Assigner: @huntrdev

Published: 2022-08-23T15:40:09

Updated: 2024-08-03T00:52:59.886Z

Reserved: 2022-08-23T00:00:00

Link: CVE-2022-2965

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-08-23T16:15:10.387

Modified: 2022-08-26T20:16:29.210

Link: CVE-2022-2965

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "notrinos/notrinoserp", "vendor": "notrinos", "versions": [{"lessThan": "0.7", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "Improper Restriction of Rendered UI Layers or Frames in GitHub repository notrinos/notrinoserp prior to 0.7."}], "metrics": [{"cvssV3_0": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-1021", "description": "CWE-1021 Improper Restriction of Rendered UI Layers or Frames", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-08-23T15:40:09", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://huntr.dev/bounties/61e3bdf7-3548-45ea-b105-967abc0977f4"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/notrinos/notrinoserp/commit/c2ff3d8e85a811003b796ca38f5b3290deeaa3aa"}], "source": {"advisory": "61e3bdf7-3548-45ea-b105-967abc0977f4", "discovery": "EXTERNAL"}, "title": "Improper Restriction of Rendered UI Layers or Frames in notrinos/notrinoserp", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@huntr.dev", "ID": "CVE-2022-2965", "STATE": "PUBLIC", "TITLE": "Improper Restriction of Rendered UI Layers or Frames in notrinos/notrinoserp"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "notrinos/notrinoserp", "version": {"version_data": [{"version_affected": "<", "version_value": "0.7"}]}}]}, "vendor_name": "notrinos"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Improper Restriction of Rendered UI Layers or Frames in GitHub repository notrinos/notrinoserp prior to 0.7."}]}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-1021 Improper Restriction of Rendered UI Layers or Frames"}]}]}, "references": {"reference_data": [{"name": "https://huntr.dev/bounties/61e3bdf7-3548-45ea-b105-967abc0977f4", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/61e3bdf7-3548-45ea-b105-967abc0977f4"}, {"name": "https://github.com/notrinos/notrinoserp/commit/c2ff3d8e85a811003b796ca38f5b3290deeaa3aa", "refsource": "MISC", "url": "https://github.com/notrinos/notrinoserp/commit/c2ff3d8e85a811003b796ca38f5b3290deeaa3aa"}]}, "source": {"advisory": "61e3bdf7-3548-45ea-b105-967abc0977f4", "discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T00:52:59.886Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://huntr.dev/bounties/61e3bdf7-3548-45ea-b105-967abc0977f4"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/notrinos/notrinoserp/commit/c2ff3d8e85a811003b796ca38f5b3290deeaa3aa"}]}]}, "cveMetadata": {"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-2965", "datePublished": "2022-08-23T15:40:09", "dateReserved": "2022-08-23T00:00:00", "dateUpdated": "2024-08-03T00:52:59.886Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}