CVE-2022-3582

A vulnerability has been found in SourceCodester Simple Cold Storage Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument change password leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-211189 was assigned to this vulnerability.

CVSS v3 3.5 LOW

3.5^/10

CVSS v3 : LOW

Vector :

Exploitability : 2.1 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/jusstSahil/CSRF-/blob/main/POC	Exploit Third Party Advisory
https://vuldb.com/?id.211189	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:oretnom23:simple_cold_storage_management_system:1.0:*:*:*:*:*:*:*

History

28 Dec 2023, 16:46

Type	Values Removed	Values Added
First Time		Oretnom23 simple Cold Storage Management System Oretnom23
CPE	cpe:2.3:a:simple_cold_storage_management_system_project:simple_cold_storage_management_system:1.0:::::::*	cpe:2.3:a:oretnom23:simple_cold_storage_management_system:1.0:::::::*

21 Jul 2023, 21:04

Type	Values Removed	Values Added
CWE	CWE-863 CWE-862

Information

Published : 2022-10-18 11:15

Updated : 2024-02-28 19:29

NVD link : CVE-2022-3582

Mitre link : CVE-2022-3582

CVE.ORG link : CVE-2022-3582

JSON object : View

Products Affected

oretnom23

simple_cold_storage_management_system

CWE

CWE-352

Cross-Site Request Forgery (CSRF)

CWE-863

Incorrect Authorization

{"id": "CVE-2022-3582", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.5, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.1}, {"type": "Secondary", "source": "cna@vuldb.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2022-10-18T11:15:09.890", "references": [{"url": "https://github.com/jusstSahil/CSRF-/blob/main/POC", "tags": ["Exploit", "Third Party Advisory"], "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/?id.211189", "tags": ["Third Party Advisory"], "source": "cna@vuldb.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-352"}]}, {"type": "Secondary", "source": "cna@vuldb.com", "description": [{"lang": "en", "value": "CWE-863"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in SourceCodester Simple Cold Storage Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument change password leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-211189 was assigned to this vulnerability."}, {"lang": "es", "value": "Se ha encontrado una vulnerabilidad en SourceCodester Simple Cold Storage Management System versi\u00f3n 1.0 y ha sido clasificada como problem\u00e1tica. Esta vulnerabilidad afecta a una funcionalidad desconocida. La manipulaci\u00f3n del argumento cambio de contrase\u00f1a conlleva a un ataque de tipo cross-site request forgery. El ataque puede ser lanzado remotamente. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede ser usada. El identificador VDB-211189 fue asignado a esta vulnerabilidad"}], "lastModified": "2023-12-28T16:46:19.600", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oretnom23:simple_cold_storage_management_system:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "46B90B33-68A7-49D0-AC82-B19068310C9C"}], "operator": "OR"}]}], "sourceIdentifier": "cna@vuldb.com"}