CVE-2022-25570

{"id": "CVE-2022-25570", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2022-03-21T13:15:08.903", "references": [{"url": "https://sysadms.de/2022/03/cve-2022-25570-standard-berechtigungsmodell-im-passwortmanager-passwordstate-ermoeglicht-rechteausweitung/", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.clickstudios.com.au/passwordstate-changelog.aspx", "tags": ["Release Notes"], "source": "cve@mitre.org"}, {"url": "https://sysadms.de/2022/03/cve-2022-25570-standard-berechtigungsmodell-im-passwortmanager-passwordstate-ermoeglicht-rechteausweitung/", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.clickstudios.com.au/passwordstate-changelog.aspx", "tags": ["Release Notes"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-276"}]}], "descriptions": [{"lang": "en", "value": "In Click Studios (SA) Pty Ltd Passwordstate 9435, users with access to a passwordlist can gain access to additional password lists without permissions. Specifically, an authenticated user who has write permissions to a password list in one folder (with the default permission model) can extend his permissions to all other password lists in the same folder."}, {"lang": "es", "value": "En Click Studios (SA) Pty Ltd Passwordstate 9435, los usuarios con acceso a una lista de contrase\u00f1as pueden conseguir acceso a otras listas de contrase\u00f1as sin permisos. En concreto, un usuario autenticado que presenta permisos de escritura en una lista de contrase\u00f1as de una carpeta (con el modelo de permisos por defecto) puede extender sus permisos a todas las dem\u00e1s listas de contrase\u00f1as de la misma carpeta"}], "lastModified": "2024-11-21T06:52:22.390", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:clickstudios:passwordstate:9.4:build_9435:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EB9EAD92-4CFD-4B12-A9CD-D48069D5E5FC"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}