CVE-2022-2815 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2022-2815

CVE-2022-2815

January 14, 2023

Insecure Storage of Sensitive Information in GitHub repository publify/publify prior to 9.2.10.

Affected Packages

publify_core (RUBY):

Affected version(s) >=9.0.0 <9.2.10

Fix Suggestion:

Update to version 9.2.10

Related Resources (7)

https://huntr.dev/bounties/22fdcc39-8c1a-4e4c-8eae-be3fd764f8b4

https://github.com/publify/publify/commit/af69097d349f4c00f244c51cd3c3e937fd3387cd

https://nvd.nist.gov/vuln/detail/CVE-2022-2815

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/publify_core/CVE-2022-2815.yml

https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/2xxx/CVE-2022-2815.json

https://github.com/publify/publify

https://github.com/publify/publify_core/commit/33f897c12b6efdcdfd8cf9df924deba0f878b71e

Do you need more information?

CVSS v4

Base Score:

5.1

Attack Vector

NETWORK

Attack Complexity

LOW

Attack Requirements

NONE

Privileges Required

LOW

User Interaction

PASSIVE

Vulnerable System Confidentiality

LOW

Vulnerable System Integrity

LOW

Vulnerable System Availability

NONE

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

CVSS v3

Base Score:

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Weakness Type (CWE)

Insecure Storage of Sensitive Information

CWE-922

EPSS

Base Score:

0.10

Products

Solutions

Resources

Company

Compare

Developer Tools