CVE-2022-4877 - OpenCVE

A vulnerability has been found in snoyberg keter up to 1.8.1 and classified as problematic. This vulnerability affects unknown code of the file Keter/Proxy.hs. The manipulation of the argument host leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 1.8.2 is able to address this issue. The name of the patch is d41f3697926b231782a3ad8050f5af1ce5cc40b7. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-217444.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:S/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Keter Project	Keter

Configuration 1 [-]

cpe:2.3:a:keter_project:keter:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/snoyberg/keter/commit/d41f3697926b231782a3ad8050f5af1ce5cc40b7
https://github.com/snoyberg/keter/pull/246
https://github.com/snoyberg/keter/releases/tag/keter%2F1.8.2
https://vuldb.com/?ctiid.217444
https://vuldb.com/?id.217444

History

No history.

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2023-01-05T09:14:02.136Z

Updated: 2024-08-03T01:55:46.161Z

Reserved: 2023-01-05T09:12:48.919Z

Link: CVE-2022-4877

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-01-05T10:15:10.073

Modified: 2024-05-17T02:17:00.577

Link: CVE-2022-4877

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-4877", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2023-01-05T09:12:48.919Z", "datePublished": "2023-01-05T09:14:02.136Z", "dateUpdated": "2024-08-03T01:55:46.161Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2023-10-20T14:18:34.856Z"}, "title": "snoyberg keter Proxy.hs cross site scripting", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-79", "lang": "en", "description": "CWE-79 Cross Site Scripting"}]}], "affected": [{"vendor": "snoyberg", "product": "keter", "versions": [{"version": "1.8.0", "status": "affected"}, {"version": "1.8.1", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in snoyberg keter up to 1.8.1 and classified as problematic. This vulnerability affects unknown code of the file Keter/Proxy.hs. The manipulation of the argument host leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 1.8.2 is able to address this issue. The name of the patch is d41f3697926b231782a3ad8050f5af1ce5cc40b7. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-217444."}, {"lang": "de", "value": "In snoyberg keter bis 1.8.1 wurde eine problematische Schwachstelle gefunden. Hierbei betrifft es unbekannten Programmcode der Datei Keter/Proxy.hs. Durch das Manipulieren des Arguments host mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Ein Aktualisieren auf die Version 1.8.2 vermag dieses Problem zu l\u00f6sen. Der Patch wird als d41f3697926b231782a3ad8050f5af1ce5cc40b7 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 3.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "baseSeverity": "LOW"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "baseSeverity": "LOW"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 4, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N"}}], "timeline": [{"time": "2023-01-05T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2023-01-05T00:00:00.000Z", "lang": "en", "value": "CVE reserved"}, {"time": "2023-01-05T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2023-01-28T14:57:37.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "VulDB GitHub Commit Analyzer", "type": "tool"}], "references": [{"url": "https://vuldb.com/?id.217444", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.217444", "tags": ["signature", "permissions-required"]}, {"url": "https://github.com/snoyberg/keter/pull/246", "tags": ["issue-tracking"]}, {"url": "https://github.com/snoyberg/keter/commit/d41f3697926b231782a3ad8050f5af1ce5cc40b7", "tags": ["patch"]}, {"url": "https://github.com/snoyberg/keter/releases/tag/keter%2F1.8.2", "tags": ["patch"]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T01:55:46.161Z"}, "title": "CVE Program Container", "references": [{"url": "https://vuldb.com/?id.217444", "tags": ["vdb-entry", "technical-description", "x_transferred"]}, {"url": "https://vuldb.com/?ctiid.217444", "tags": ["signature", "permissions-required", "x_transferred"]}, {"url": "https://github.com/snoyberg/keter/pull/246", "tags": ["issue-tracking", "x_transferred"]}, {"url": "https://github.com/snoyberg/keter/commit/d41f3697926b231782a3ad8050f5af1ce5cc40b7", "tags": ["patch", "x_transferred"]}, {"url": "https://github.com/snoyberg/keter/releases/tag/keter%2F1.8.2", "tags": ["patch", "x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:keter_project:keter:*:*:*:*:*:*:*:*", "matchCriteriaId": "2EA0065A-D39D-4DE2-8E90-31637558BFC9", "versionEndExcluding": "1.8.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in snoyberg keter up to 1.8.1 and classified as problematic. This vulnerability affects unknown code of the file Keter/Proxy.hs. The manipulation of the argument host leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 1.8.2 is able to address this issue. The name of the patch is d41f3697926b231782a3ad8050f5af1ce5cc40b7. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-217444."}, {"lang": "es", "value": "Se ha encontrado una vulnerabilidad en snoyberg keter hasta 1.8.1 y se ha clasificada como problem\u00e1tica. Esta vulnerabilidad afecta a un c\u00f3digo desconocido del archivo Keter/Proxy.hs. La manipulaci\u00f3n del argumento host conduce a cross-site scripting. El ataque se puede iniciar de forma remota. La actualizaci\u00f3n a la versi\u00f3n 1.8.2 puede solucionar este problema. El nombre del parche es d41f3697926b231782a3ad8050f5af1ce5cc40b7. Se recomienda actualizar el componente afectado. El identificador de esta vulnerabilidad es VDB-217444."}], "id": "CVE-2022-4877", "lastModified": "2024-05-17T02:17:00.577", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2023-01-05T10:15:10.073", "references": [{"source": "cna@vuldb.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/snoyberg/keter/commit/d41f3697926b231782a3ad8050f5af1ce5cc40b7"}, {"source": "cna@vuldb.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/snoyberg/keter/pull/246"}, {"source": "cna@vuldb.com", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://github.com/snoyberg/keter/releases/tag/keter%2F1.8.2"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory"], "url": "https://vuldb.com/?ctiid.217444"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory"], "url": "https://vuldb.com/?id.217444"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "cna@vuldb.com", "type": "Primary"}]}