Vulnerability Details : CVE-2022-44216
Gnuboard 5.5.4 and 5.5.5 is vulnerable to Insecure Permissions. An attacker can change password of all users without knowing victim's original password.
Products affected by CVE-2022-44216
- cpe:2.3:a:sir:gnuboard:5.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:sir:gnuboard:5.5.4:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-44216
0.09%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 39 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-44216
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
3.9
|
3.6
|
NIST |
CWE ids for CVE-2022-44216
-
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.Assigned by: nvd@nist.gov (Primary)
References for CVE-2022-44216
-
https://gratis-herring-da5.notion.site/Gnuboard-Account-Takeover-version-5-5-4-5-5-5-2f69b0a21be642f58d8b7c72feea343a
Notion – The all-in-one workspace for your notes, tasks, wikis, and databases.Patch;Third Party Advisory
-
https://github.com/gnuboard/gnuboard5/commit/11718eb4c02ffdca5393bedc0300a75e4e7b19f2
[G5-80] 본인인증 비밀번호 찾기 후 비밀번호 변경 관련 수정 · gnuboard/gnuboard5@11718eb · GitHubPatch
-
https://sir.kr/g5_pds/6400
그누보드 - [보안패치] 그누보드(영카트) 5.5.6 이니시스 통합인증(간편인증) 사용시 필수 패치 > 그누보드5 다운로드Patch;Vendor Advisory
Jump to