Vulnerabilites related to go-restful_project - go-restful
cve-2022-1996
Vulnerability from cvelistv5
Published
2022-06-06 00:00
Modified
2024-08-03 00:24
Severity ?
EPSS score ?
Summary
Authorization Bypass Through User-Controlled Key in GitHub repository emicklei/go-restful prior to v3.8.0.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| emicklei | emicklei/go-restful |
Version: unspecified < v3.8.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T00:24:43.677Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/be837427-415c-4d8c-808b-62ce20aa84f1", }, { tags: [ "x_transferred", ], url: "https://github.com/emicklei/go-restful/commit/fd3c327a379ce08c68ef18765bdc925f5d9bad10", }, { name: "FEDORA-2022-185697ef56", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OBDD3Q23RCGAGHIXUCWBU6N3S4RNAKXB/", }, { name: "FEDORA-2022-589a0ad690", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/575BLJ3Y2EQBRNTFR2OSQQ6L2W6UCST3/", }, { name: "FEDORA-2022-fae3ecee19", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR/", }, { name: "FEDORA-2022-ba365d3703", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5/", }, { name: "FEDORA-2022-30c5ed5625", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6/", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20220923-0005/", }, { name: "FEDORA-2023-6550d9323b", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W56PP46JVZEKCANBKXFKRVSBBRRMCY6V/", }, { name: "FEDORA-2023-4e2068ba5d", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZGQKWD6SE75PFBPFVSZYAKAVXKBZXKWS/", }, { name: "FEDORA-2023-c9b2182a4e", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SO5QC2JFW2PXBWAE27OYYYL5SPFUBHTY/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "emicklei/go-restful", vendor: "emicklei", versions: [ { lessThan: "v3.8.0", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Authorization Bypass Through User-Controlled Key in GitHub repository emicklei/go-restful prior to v3.8.0.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 9.3, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-639", description: "CWE-639 Authorization Bypass Through User-Controlled Key", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-02-23T00:00:00", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://huntr.dev/bounties/be837427-415c-4d8c-808b-62ce20aa84f1", }, { url: "https://github.com/emicklei/go-restful/commit/fd3c327a379ce08c68ef18765bdc925f5d9bad10", }, { name: "FEDORA-2022-185697ef56", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OBDD3Q23RCGAGHIXUCWBU6N3S4RNAKXB/", }, { name: "FEDORA-2022-589a0ad690", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/575BLJ3Y2EQBRNTFR2OSQQ6L2W6UCST3/", }, { name: "FEDORA-2022-fae3ecee19", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR/", }, { name: "FEDORA-2022-ba365d3703", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5/", }, { name: "FEDORA-2022-30c5ed5625", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6/", }, { url: "https://security.netapp.com/advisory/ntap-20220923-0005/", }, { name: "FEDORA-2023-6550d9323b", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W56PP46JVZEKCANBKXFKRVSBBRRMCY6V/", }, { name: "FEDORA-2023-4e2068ba5d", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZGQKWD6SE75PFBPFVSZYAKAVXKBZXKWS/", }, { name: "FEDORA-2023-c9b2182a4e", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SO5QC2JFW2PXBWAE27OYYYL5SPFUBHTY/", }, ], source: { advisory: "be837427-415c-4d8c-808b-62ce20aa84f1", discovery: "EXTERNAL", }, title: "Authorization Bypass Through User-Controlled Key in emicklei/go-restful", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2022-1996", datePublished: "2022-06-06T00:00:00", dateReserved: "2022-06-06T00:00:00", dateUpdated: "2024-08-03T00:24:43.677Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Published
2022-06-08 13:15
Modified
2024-11-21 06:41
Severity ?
Summary
Authorization Bypass Through User-Controlled Key in GitHub repository emicklei/go-restful prior to v3.8.0.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| go-restful_project | go-restful | * | |
| go-restful_project | go-restful | * | |
| fedoraproject | fedora | 35 | |
| fedoraproject | fedora | 36 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:go-restful_project:go-restful:*:*:*:*:*:*:*:*", matchCriteriaId: "23CD29C7-E4EC-47EF-8D44-4976CC43789C", versionEndExcluding: "2.16.0", vulnerable: true, }, { criteria: "cpe:2.3:a:go-restful_project:go-restful:*:*:*:*:*:*:*:*", matchCriteriaId: "9244D03B-7D8E-4215-9BBC-0E78B70C4EEC", versionEndExcluding: "3.8.0", versionStartIncluding: "3.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", matchCriteriaId: "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", matchCriteriaId: "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Authorization Bypass Through User-Controlled Key in GitHub repository emicklei/go-restful prior to v3.8.0.", }, { lang: "es", value: "Una Omisión de la Autorización Mediante una Clave Controlada por el Usuario en el repositorio GitHub emicklei/go-restful versiones anteriores a v3.8.0", }, ], id: "CVE-2022-1996", lastModified: "2024-11-21T06:41:54.873", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 6.4, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 9.3, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 5.8, source: "security@huntr.dev", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 9.1, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.2, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-06-08T13:15:07.987", references: [ { source: "security@huntr.dev", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/emicklei/go-restful/commit/fd3c327a379ce08c68ef18765bdc925f5d9bad10", }, { source: "security@huntr.dev", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/be837427-415c-4d8c-808b-62ce20aa84f1", }, { source: "security@huntr.dev", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/575BLJ3Y2EQBRNTFR2OSQQ6L2W6UCST3/", }, { source: "security@huntr.dev", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OBDD3Q23RCGAGHIXUCWBU6N3S4RNAKXB/", }, { source: "security@huntr.dev", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6/", }, { source: "security@huntr.dev", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SO5QC2JFW2PXBWAE27OYYYL5SPFUBHTY/", }, { source: "security@huntr.dev", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W56PP46JVZEKCANBKXFKRVSBBRRMCY6V/", }, { source: "security@huntr.dev", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5/", }, { source: "security@huntr.dev", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZGQKWD6SE75PFBPFVSZYAKAVXKBZXKWS/", }, { source: "security@huntr.dev", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR/", }, { source: "security@huntr.dev", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220923-0005/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/emicklei/go-restful/commit/fd3c327a379ce08c68ef18765bdc925f5d9bad10", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/be837427-415c-4d8c-808b-62ce20aa84f1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/575BLJ3Y2EQBRNTFR2OSQQ6L2W6UCST3/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OBDD3Q23RCGAGHIXUCWBU6N3S4RNAKXB/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SO5QC2JFW2PXBWAE27OYYYL5SPFUBHTY/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W56PP46JVZEKCANBKXFKRVSBBRRMCY6V/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZGQKWD6SE75PFBPFVSZYAKAVXKBZXKWS/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220923-0005/", }, ], sourceIdentifier: "security@huntr.dev", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-639", }, ], source: "security@huntr.dev", type: "Primary", }, { description: [ { lang: "en", value: "CWE-639", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }