CVE-2022-1236 - OpenCVE

Weak Password Requirements in GitHub repository weseek/growi prior to v5.0.0.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Weseek	Growi

Configuration 1 [-]

cpe:2.3:a:weseek:growi:*:*:*:*:*:*:*:*

References

Link	Resource
https://github.com/weseek/growi/commit/b584e2a47ee3c8ce1d8ef38238302825c015327e	Patch Third Party Advisory
https://huntr.dev/bounties/c7df088f-e355-45e6-9267-e41030dc6a32	Issue Tracking Patch Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: @huntrdev

Published: 2022-04-05T08:25:10

Updated: 2022-04-05T08:25:10

Reserved: 2022-04-05T00:00:00

Link: CVE-2022-1236

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-04-05T09:15:07.770

Modified: 2022-04-13T17:10:37.087

Link: CVE-2022-1236

JSON object: View

Redhat Information

No data.

CWE

CWE-521

{"containers": {"cna": {"affected": [{"product": "weseek/growi", "vendor": "weseek", "versions": [{"lessThan": "v5.0.0", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "Weak Password Requirements in GitHub repository weseek/growi prior to v5.0.0."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-521", "description": "CWE-521 Weak Password Requirements", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-04-05T08:25:10", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://huntr.dev/bounties/c7df088f-e355-45e6-9267-e41030dc6a32"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/weseek/growi/commit/b584e2a47ee3c8ce1d8ef38238302825c015327e"}], "source": {"advisory": "c7df088f-e355-45e6-9267-e41030dc6a32", "discovery": "EXTERNAL"}, "title": "Weak Password Requirements in weseek/growi", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@huntr.dev", "ID": "CVE-2022-1236", "STATE": "PUBLIC", "TITLE": "Weak Password Requirements in weseek/growi"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "weseek/growi", "version": {"version_data": [{"version_affected": "<", "version_value": "v5.0.0"}]}}]}, "vendor_name": "weseek"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Weak Password Requirements in GitHub repository weseek/growi prior to v5.0.0."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-521 Weak Password Requirements"}]}]}, "references": {"reference_data": [{"name": "https://huntr.dev/bounties/c7df088f-e355-45e6-9267-e41030dc6a32", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/c7df088f-e355-45e6-9267-e41030dc6a32"}, {"name": "https://github.com/weseek/growi/commit/b584e2a47ee3c8ce1d8ef38238302825c015327e", "refsource": "MISC", "url": "https://github.com/weseek/growi/commit/b584e2a47ee3c8ce1d8ef38238302825c015327e"}]}, "source": {"advisory": "c7df088f-e355-45e6-9267-e41030dc6a32", "discovery": "EXTERNAL"}}}}, "cveMetadata": {"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-1236", "datePublished": "2022-04-05T08:25:10", "dateReserved": "2022-04-05T00:00:00", "dateUpdated": "2022-04-05T08:25:10", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:weseek:growi:*:*:*:*:*:*:*:*", "matchCriteriaId": "7790B31F-6B88-4198-BDC5-282E4D675869", "versionEndExcluding": "5.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Weak Password Requirements in GitHub repository weseek/growi prior to v5.0.0."}, {"lang": "es", "value": "Unos Requisitos D\u00e9biles de la Contrase\u00f1a en el repositorio de GitHub weseek/growi versiones anteriores a v5.0.0"}], "id": "CVE-2022-1236", "lastModified": "2022-04-13T17:10:37.087", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security@huntr.dev", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-04-05T09:15:07.770", "references": [{"source": "security@huntr.dev", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/weseek/growi/commit/b584e2a47ee3c8ce1d8ef38238302825c015327e"}, {"source": "security@huntr.dev", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://huntr.dev/bounties/c7df088f-e355-45e6-9267-e41030dc6a32"}], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-521"}], "source": "security@huntr.dev", "type": "Primary"}]}