CVE-2022-39397

aliyun-oss-client is a rust client for Alibaba Cloud OSS. Users of this library will be affected, the incoming secret will be disclosed unintentionally. This issue has been patched in version 0.8.1.

CVSS v3 5.6 MEDIUM

5.6^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.4 / Impact : 4.7

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://github.com/tu6ge/oss-rs/commit/e4553f7d74fce682d802f8fb073943387796df29	Patch Third Party Advisory
https://github.com/tu6ge/oss-rs/security/advisories/GHSA-3w3h-7xgx-grwc	Third Party Advisory
https://github.com/tu6ge/oss-rs/commit/e4553f7d74fce682d802f8fb073943387796df29	Patch Third Party Advisory
https://github.com/tu6ge/oss-rs/security/advisories/GHSA-3w3h-7xgx-grwc	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:aliyun-oss-client_project:aliyun-oss-client:*:*:*:*:*:*:*:*

History

21 Nov 2024, 07:18

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~4.3~~	v2 : unknown v3 : 5.6
References	~~() https://github.com/tu6ge/oss-rs/commit/e4553f7d74fce682d802f8fb073943387796df29 - Patch, Third Party Advisory~~	() https://github.com/tu6ge/oss-rs/commit/e4553f7d74fce682d802f8fb073943387796df29 - Patch, Third Party Advisory
References	~~() https://github.com/tu6ge/oss-rs/security/advisories/GHSA-3w3h-7xgx-grwc - Third Party Advisory~~	() https://github.com/tu6ge/oss-rs/security/advisories/GHSA-3w3h-7xgx-grwc - Third Party Advisory

11 Jul 2023, 20:41

Type	Values Removed	Values Added
CWE	~~CWE-200~~	NVD-CWE-Other

Information

Published : 2022-11-22 21:15

Updated : 2024-11-21 07:18

NVD link : CVE-2022-39397

Mitre link : CVE-2022-39397

CVE.ORG link : CVE-2022-39397

JSON object : View

Products Affected

aliyun-oss-client_project

aliyun-oss-client

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

NVD-CWE-Other

{"id": "CVE-2022-39397", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.6, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 4.7, "exploitabilityScore": 0.4}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2022-11-22T21:15:10.737", "references": [{"url": "https://github.com/tu6ge/oss-rs/commit/e4553f7d74fce682d802f8fb073943387796df29", "tags": ["Patch", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/tu6ge/oss-rs/security/advisories/GHSA-3w3h-7xgx-grwc", "tags": ["Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/tu6ge/oss-rs/commit/e4553f7d74fce682d802f8fb073943387796df29", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/tu6ge/oss-rs/security/advisories/GHSA-3w3h-7xgx-grwc", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-200"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "aliyun-oss-client is a rust client for Alibaba Cloud OSS. Users of this library will be affected, the incoming secret will be disclosed unintentionally. This issue has been patched in version 0.8.1."}, {"lang": "es", "value": "aliyun-oss-client es un cliente rust para Alibaba Cloud OSS. Los usuarios de esta librer\u00eda se ver\u00e1n afectados y el secreto entrante se revelar\u00e1 sin querer. Este problema se solucion\u00f3 en la versi\u00f3n 0.8.1."}], "lastModified": "2024-11-21T07:18:12.503", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:aliyun-oss-client_project:aliyun-oss-client:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "29E6F07E-E1D6-4EBE-B862-C764AB6E43C5", "versionEndExcluding": "0.8.1"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}