CVE-2022-1996 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2022-1996

CVE-2022-1996

June 06, 2022

Authorization Bypass Through User-Controlled Key in GitHub repository emicklei/go-restful prior to v3.8.0.

Affected Packages

github.com/emicklei/go-restful/v3 (GO):

Affected version(s) >=v3.0.0 <v3.8.0

Fix Suggestion:

Update to version v3.8.0

Related Resources (28)

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZGQKWD6SE75PFBPFVSZYAKAVXKBZXKWS/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SO5QC2JFW2PXBWAE27OYYYL5SPFUBHTY/

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SO5QC2JFW2PXBWAE27OYYYL5SPFUBHTY

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZGQKWD6SE75PFBPFVSZYAKAVXKBZXKWS

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/575BLJ3Y2EQBRNTFR2OSQQ6L2W6UCST3/

https://pkg.go.dev/vuln/GO-2022-0619

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6/

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5

https://github.com/emicklei/go-restful/commit/926662532deb450272956c7bc573978464aae74e

https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/1xxx/CVE-2022-1996.json

https://huntr.dev/bounties/be837427-415c-4d8c-808b-62ce20aa84f1

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR

https://github.com/emicklei/go-restful/commit/f292efff46ae17e9d104f865a60a39a2ae9402f1

https://nvd.nist.gov/vuln/detail/CVE-2022-1996

https://security.netapp.com/advisory/ntap-20220923-0005

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OBDD3Q23RCGAGHIXUCWBU6N3S4RNAKXB

https://github.com/emicklei/go-restful

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OBDD3Q23RCGAGHIXUCWBU6N3S4RNAKXB/

https://security.netapp.com/advisory/ntap-20220923-0005/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR/

https://security-tracker.debian.org/tracker/CVE-2022-1996

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W56PP46JVZEKCANBKXFKRVSBBRRMCY6V

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W56PP46JVZEKCANBKXFKRVSBBRRMCY6V/

https://github.com/emicklei/go-restful/issues/489

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/575BLJ3Y2EQBRNTFR2OSQQ6L2W6UCST3

https://github.com/emicklei/go-restful/commit/fd3c327a379ce08c68ef18765bdc925f5d9bad10

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5/

Do you need more information?

CVSS v4

Base Score:

9.3

Attack Vector

NETWORK

Attack Complexity

LOW

Attack Requirements

NONE

Privileges Required

NONE

User Interaction

PASSIVE

Vulnerable System Confidentiality

HIGH

Vulnerable System Integrity

HIGH

Vulnerable System Availability

NONE

Subsequent System Confidentiality

HIGH

Subsequent System Integrity

HIGH

Subsequent System Availability

NONE

CVSS v3

Base Score:

9.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

NONE

CVSS v2

Base Score:

6.4

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

Weakness Type (CWE)

Authorization Bypass Through User-Controlled Key

CWE-639

EPSS

Base Score:

0.96

Products

Solutions

Resources

Company

Compare

Developer Tools