CVE-2022-39397

aliyun-oss-client is a rust client for Alibaba Cloud OSS. Users of this library will be affected, the incoming secret will be disclosed unintentionally. This issue has been patched in version 0.8.1.

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/tu6ge/oss-rs/commit/e4553f7d74fce682d802f8fb073943387796df29	Patch Third Party Advisory
https://github.com/tu6ge/oss-rs/security/advisories/GHSA-3w3h-7xgx-grwc	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:aliyun-oss-client_project:aliyun-oss-client:*:*:*:*:*:*:*:*

History

11 Jul 2023, 20:41

Type	Values Removed	Values Added
CWE	~~CWE-200~~	NVD-CWE-Other

Information

Published : 2022-11-22 21:15

Updated : 2024-02-28 19:51

NVD link : CVE-2022-39397

Mitre link : CVE-2022-39397

CVE.ORG link : CVE-2022-39397

JSON object : View

Products Affected

aliyun-oss-client_project

aliyun-oss-client

CWE

NVD-CWE-Other CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"id": "CVE-2022-39397", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.6, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 4.7, "exploitabilityScore": 0.4}]}, "published": "2022-11-22T21:15:10.737", "references": [{"url": "https://github.com/tu6ge/oss-rs/commit/e4553f7d74fce682d802f8fb073943387796df29", "tags": ["Patch", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/tu6ge/oss-rs/security/advisories/GHSA-3w3h-7xgx-grwc", "tags": ["Third Party Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}, {"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "aliyun-oss-client is a rust client for Alibaba Cloud OSS. Users of this library will be affected, the incoming secret will be disclosed unintentionally. This issue has been patched in version 0.8.1."}, {"lang": "es", "value": "aliyun-oss-client es un cliente rust para Alibaba Cloud OSS. Los usuarios de esta librer\u00eda se ver\u00e1n afectados y el secreto entrante se revelar\u00e1 sin querer. Este problema se solucion\u00f3 en la versi\u00f3n 0.8.1."}], "lastModified": "2023-07-11T20:41:50.193", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:aliyun-oss-client_project:aliyun-oss-client:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "29E6F07E-E1D6-4EBE-B862-C764AB6E43C5", "versionEndExcluding": "0.8.1"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}