CVE-2022-2027 - OpenCVE

Improper Neutralization of Formula Elements in a CSV File in GitHub repository kromitgmbh/titra prior to 0.77.0.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:M/Au:S/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Kromit	Titra

Configuration 1 [-]

cpe:2.3:a:kromit:titra:*:*:*:*:*:*:*:*

References

Link	Resource
https://github.com/kromitgmbh/titra/commit/e606b674a2b7564407d89e38a341d72e22b14694	Patch Third Party Advisory
https://huntr.dev/bounties/fb99c27c-7eaa-48db-be39-b804cb83871d	Exploit Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: @huntrdev

Published: 2022-06-08T08:35:23

Updated: 2022-06-08T08:35:23

Reserved: 2022-06-08T00:00:00

Link: CVE-2022-2027

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-06-09T17:15:09.553

Modified: 2022-06-15T21:13:35.427

Link: CVE-2022-2027

JSON object: View

Redhat Information

No data.

CWE

CWE-1236

{"containers": {"cna": {"affected": [{"product": "kromitgmbh/titra", "vendor": "kromitgmbh", "versions": [{"lessThan": "0.77.0", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Formula Elements in a CSV File in GitHub repository kromitgmbh/titra prior to 0.77.0."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-1236", "description": "CWE-1236 Improper Neutralization of Formula Elements in a CSV File", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-06-08T08:35:23", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/kromitgmbh/titra/commit/e606b674a2b7564407d89e38a341d72e22b14694"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://huntr.dev/bounties/fb99c27c-7eaa-48db-be39-b804cb83871d"}], "source": {"advisory": "fb99c27c-7eaa-48db-be39-b804cb83871d", "discovery": "EXTERNAL"}, "title": "Improper Neutralization of Formula Elements in a CSV File in kromitgmbh/titra", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@huntr.dev", "ID": "CVE-2022-2027", "STATE": "PUBLIC", "TITLE": "Improper Neutralization of Formula Elements in a CSV File in kromitgmbh/titra"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "kromitgmbh/titra", "version": {"version_data": [{"version_affected": "<", "version_value": "0.77.0"}]}}]}, "vendor_name": "kromitgmbh"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Improper Neutralization of Formula Elements in a CSV File in GitHub repository kromitgmbh/titra prior to 0.77.0."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-1236 Improper Neutralization of Formula Elements in a CSV File"}]}]}, "references": {"reference_data": [{"name": "https://github.com/kromitgmbh/titra/commit/e606b674a2b7564407d89e38a341d72e22b14694", "refsource": "MISC", "url": "https://github.com/kromitgmbh/titra/commit/e606b674a2b7564407d89e38a341d72e22b14694"}, {"name": "https://huntr.dev/bounties/fb99c27c-7eaa-48db-be39-b804cb83871d", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/fb99c27c-7eaa-48db-be39-b804cb83871d"}]}, "source": {"advisory": "fb99c27c-7eaa-48db-be39-b804cb83871d", "discovery": "EXTERNAL"}}}}, "cveMetadata": {"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-2027", "datePublished": "2022-06-08T08:35:23", "dateReserved": "2022-06-08T00:00:00", "dateUpdated": "2022-06-08T08:35:23", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:kromit:titra:*:*:*:*:*:*:*:*", "matchCriteriaId": "E888316C-DF43-46B1-855A-EFA26B731418", "versionEndExcluding": "0.77.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Formula Elements in a CSV File in GitHub repository kromitgmbh/titra prior to 0.77.0."}, {"lang": "es", "value": "Una Neutralizaci\u00f3n inadecuada de Elementos de F\u00f3rmula en un Archivo CSV en el repositorio de GitHub kromitgmbh/titra versiones anteriores a 0.77.0"}], "id": "CVE-2022-2027", "lastModified": "2022-06-15T21:13:35.427", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.1, "impactScore": 5.9, "source": "security@huntr.dev", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-06-09T17:15:09.553", "references": [{"source": "security@huntr.dev", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/kromitgmbh/titra/commit/e606b674a2b7564407d89e38a341d72e22b14694"}, {"source": "security@huntr.dev", "tags": ["Exploit", "Third Party Advisory"], "url": "https://huntr.dev/bounties/fb99c27c-7eaa-48db-be39-b804cb83871d"}], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1236"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-1236"}], "source": "security@huntr.dev", "type": "Secondary"}]}