Vulnerability Details : CVE-2022-2651
Potential exploit
Authentication Bypass by Primary Weakness in GitHub repository bookwyrm-social/bookwyrm prior to 0.4.5.
Products affected by CVE-2022-2651
- cpe:2.3:a:joinbookwyrm:bookwyrm:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-2651
- EPSS score: 0.59% (probability of exploitation activity in the next 30 days)
- EPSS percentile: ~67% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2022-2651
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen
---|---|---|---|---|---|---
9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | huntr.dev | |
9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | |
CWE ids for CVE-2022-2651
- The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error. Assigned by: security@huntr.dev (Primary)
References for CVE-2022-2651
- http://packetstormsecurity.com/files/168423/Bookwyrm-0.4.3-Authentication-Bypass.html
  Bookwyrm 0.4.3 Authentication Bypass ≈ Packet Storm (Exploit; Third Party Advisory; VDB Entry)
- https://github.com/bookwyrm-social/bookwyrm/commit/7bbe42fb30a79a26115524d18b697d895563c92f
  Merge pull request #2230 from bookwyrm-social/nginx-rate-limit · bookwyrm-social/bookwyrm@7bbe42f · GitHub (Patch; Third Party Advisory)
- https://huntr.dev/bounties/428eee94-f1a0-45d0-9e25-318641115550
  Email Verification Bypass Leads To Account Takeover vulnerability found in bookwyrm (Exploit; Patch; Third Party Advisory)