CVE-2022-31140

Valinor is a PHP library that helps to map any input into a strongly-typed value object structure. Prior to version 0.12.0, Valinor can use `Throwable#getMessage()` when it should not have permission to do so. This is a problem with cases such as an SQL exception showing an SQL snippet, a database connection exception showing database IP address/username/password, or a timeout detail / out of memory detail. Attackers could use this information for potential data exfiltration, denial of service attacks, enumeration attacks, etc. Version 0.12.0 contains a patch for this vulnerability.

CVSS v3 9.1 CRITICAL
CVSS v2.0 6.4 MEDIUM

9.1^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

6.4^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:P

Exploitability : 10.0 / Impact : 4.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
https://github.com/CuyZ/Valinor/releases/tag/0.12.0	Release Notes Third Party Advisory
https://github.com/CuyZ/Valinor/security/advisories/GHSA-5pgm-3j3g-2rc7	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:cuyz:valinor:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2022-07-11 20:15

Updated : 2024-02-28 19:29

NVD link : CVE-2022-31140

Mitre link : CVE-2022-31140

CVE.ORG link : CVE-2022-31140

JSON object : View

Products Affected

cuyz

valinor

CWE

CWE-209

Generation of Error Message Containing Sensitive Information

{"id": "CVE-2022-31140", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.4, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2022-07-11T20:15:08.747", "references": [{"url": "https://github.com/CuyZ/Valinor/releases/tag/0.12.0", "tags": ["Release Notes", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/CuyZ/Valinor/security/advisories/GHSA-5pgm-3j3g-2rc7", "tags": ["Exploit", "Third Party Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-209"}]}], "descriptions": [{"lang": "en", "value": "Valinor is a PHP library that helps to map any input into a strongly-typed value object structure. Prior to version 0.12.0, Valinor can use `Throwable#getMessage()` when it should not have permission to do so. This is a problem with cases such as an SQL exception showing an SQL snippet, a database connection exception showing database IP address/username/password, or a timeout detail / out of memory detail. Attackers could use this information for potential data exfiltration, denial of service attacks, enumeration attacks, etc. Version 0.12.0 contains a patch for this vulnerability."}, {"lang": "es", "value": "Valinor es una biblioteca de PHP que ayuda a mapear cualquier entrada en una estructura de objetos de valor fuertemente tipados. En versiones anteriores a 0.12.0, Valinor puede usar \"Throwable#getMessage()\" cuando no deber\u00eda tener permiso para hacerlo. Esto es un problema en casos como una excepci\u00f3n SQL que muestra un fragmento de SQL, una excepci\u00f3n de conexi\u00f3n a la base de datos que muestra la direcci\u00f3n IP/nombre de usuario/contrase\u00f1a de la base de datos, o un detalle de tiempo de espera / detalle de memoria agotada. Los atacantes podr\u00edan usar esta informaci\u00f3n para una potencial exfiltraci\u00f3n de datos, ataques de denegaci\u00f3n de servicio, ataques de enumeraci\u00f3n, etc. La versi\u00f3n 0.12.0 contiene un parche para esta vulnerabilidad"}], "lastModified": "2022-07-16T13:40:38.710", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cuyz:valinor:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "336B8945-62B0-4D76-A833-33F74C1DD0AF", "versionEndExcluding": "0.12.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}