Vulnerability Details: CVE-2022-4879
A vulnerability was found in Forged Alliance Forever up to 3746. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Vote Handler. The manipulation leads to improper authorization. Upgrading to version 3747 is able to address this issue. The patch is named 6880971bd3d73d942384aff62d53058c206ce644. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217555.
Vulnerability category: Bypass, Gain privilege
Products affected by CVE-2022-4879
- cpe:2.3:a:forged_alliance_forever_project:forged_alliance_forever:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-4879
- 0.13%: Probability of exploitation activity in the next 30 days
- ~ 48%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-4879
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.1 | MEDIUM | AV:A/AC:L/Au:S/C:N/I:P/A:P | 5.1 | 4.9 | VulDB | |
4.6 | MEDIUM | CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L | 2.1 | 2.5 | VulDB | |
4.6 | MEDIUM | CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L | 2.1 | 2.5 | VulDB | 2024-02-29 |
7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 3.9 | 3.6 | NIST | |
CWE ids for CVE-2022-4879
- The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action. Assigned by: cna@vuldb.com (Secondary)
References for CVE-2022-4879
- https://vuldb.com/?ctiid.217555 (Permissions Required)
- https://github.com/FAForever/fa/releases/tag/3747 - Release Game version 3747 · FAForever/fa · GitHub (Release Notes)
- https://github.com/FAForever/fa/pull/4398 - Update recall by Hdt80bro · Pull Request #4398 · FAForever/fa · GitHub (Patch)
- https://vuldb.com/?id.217555 (Third Party Advisory)
- https://github.com/FAForever/fa/commit/6880971bd3d73d942384aff62d53058c206ce644 - Update recall feature (#4398) · FAForever/fa@6880971 · GitHub (Patch)