CVE-2022-30359

{"id": "CVE-2022-30359", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}]}, "published": "2024-10-25T17:15:03.570", "references": [{"url": "https://cve.offsecguy.com/ovaledge/vulnerabilities/sensitive-data-exposure#cve-2022-30359", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-922"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "OvalEdge 5.2.8.0 and earlier is affected by a Sensitive Data Exposure vulnerability via a GET request to /user/getUserList. Authentication is required. The information disclosed is associated with the all registered users, including user ID, status, email address, role(s), user type, license type, and personal details such as first name, last name, gender, and user preferences."}, {"lang": "es", "value": "OvalEdge 5.2.8.0 y versiones anteriores se ven afectadas por una vulnerabilidad de exposici\u00f3n de datos confidenciales a trav\u00e9s de una solicitud GET a /user/getUserList. Se requiere autenticaci\u00f3n. La informaci\u00f3n divulgada est\u00e1 asociada con todos los usuarios registrados, incluidos el ID de usuario, el estado, la direcci\u00f3n de correo electr\u00f3nico, los roles, el tipo de usuario, el tipo de licencia y los detalles personales, como el nombre, el apellido, el g\u00e9nero y las preferencias del usuario."}], "lastModified": "2024-10-31T16:37:47.300", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ovaledge:ovaledge:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3DF0DF16-A655-4EFC-9E7C-B167F483DAAB", "versionEndIncluding": "5.2.8"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}