CVE-2022-2133

Exploit

EPSS 0.25%
Veröffentlicht 17.07.2022 11:15:08
Zuletzt bearbeitet 21.11.2024 07:00:23
Quelle contact@wpscan.com
CVE-Watchlists
Login
Unerledigt
Login

OAuth Single Sign On – SSO (OAuth Client) <= 6.22.5 - Authentication Bypass

The OAuth Single Sign On WordPress plugin before 6.22.6 doesn't validate that OAuth access token requests are legitimate, which allows attackers to log onto the site with the only knowledge of a user's email address.

Mögliche Gegenmaßnahme

OAuth Single Sign On – SSO (OAuth Client): Update to version 6.22.6, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt OAuth Single Sign On – SSO (OAuth Client)

Version *-6.22.5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Miniorange ≫ Oauth Single Sign On SwPlatformwordpress Version < 6.22.6

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.25%	0.484

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

https://wpscan.com/vulnerability/e76939ca-180f-4472-a26a-e0c36cfd32de

Third Party Advisory

Exploit

https://www.wordfence.com/threat-intel/vulnerabilities/id/fae6e691-0d2a-4784-8ab1-4923d650a703

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-2133

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-2133

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-2133

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2022-2133