CVE-2022-32769

EPSS 0.18%
Published 22.08.2022 19:15:10
Last modified 21.11.2024 07:06:55
Source talos-cna@cisco.com
Teams watchlist Login
Open Login

Multiple authentication bypass vulnerabilities exist in the objects id handling functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request by an authenticated user can lead to unauthorized access and takeover of resources. An attacker can send an HTTP request to trigger this vulnerability.This vulnerability exists in the Playlists plugin, allowing an attacker to bypass authentication by guessing a sequential ID, allowing them to take over the another user's playlists.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Wwbn ≫ Avideo Version11.6

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.18%	0.396

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5	1.6	3.4	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
talos-cna@cisco.com	4.8	2.2	2.5	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L

CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

https://github.com/WWBN/AVideo/blob/e04b1cd7062e16564157a82bae389eedd39fa088/updatedb/updateDb.v12.0.sql

Third Party Advisory

https://talosintelligence.com/vulnerability_reports/TALOS-2022-1536

Third Party Advisory

Technical Description

https://nvd.nist.gov/vuln/detail/CVE-2022-32769

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-32769

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-32769

EUVD