CVE-2022-23603 - OpenCVE

iTunesRPC-Remastered is a discord rich presence application for use with iTunes & Apple Music. In code before commit 24f43aa user input is not properly sanitized and code injection is possible. Users are advised to upgrade as soon as is possible. There are no known workarounds for this issue.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Itunesrpc-remastered Project	Itunesrpc-remastered

Configuration 1 [-]

cpe:2.3:a:itunesrpc-remastered_project:itunesrpc-remastered:-:*:*:*:*:*:*:*

References

Link	Resource
https://github.com/bildsben/iTunesRPC-Remastered/commit/24f43aac0f4116b3d89fdbe973ba92c6cfb0d998	Patch Third Party Advisory
https://github.com/bildsben/iTunesRPC-Remastered/commit/54b02d9f3a94de94e4fb471908b8cf798e62e411	Patch Third Party Advisory
https://github.com/bildsben/iTunesRPC-Remastered/security/advisories/GHSA-3xpp-rhqx-cw96	Patch Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: GitHub_M

Published: 2022-02-01T10:43:59

Updated: 2022-02-01T10:43:59

Reserved: 2022-01-19T00:00:00

Link: CVE-2022-23603

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-02-01T11:15:11.493

Modified: 2023-06-27T02:39:56.183

Link: CVE-2022-23603

JSON object: View

Redhat Information

No data.

CWE

CWE-116

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "iTunesRPC-Remastered is a discord rich presence application for use with iTunes & Apple Music. In code before commit 24f43aa user input is not properly sanitized and code injection is possible. Users are advised to upgrade as soon as is possible. There are no known workarounds for this issue."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-02-01T10:43:59", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/bildsben/iTunesRPC-Remastered/security/advisories/GHSA-3xpp-rhqx-cw96"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/bildsben/iTunesRPC-Remastered/commit/24f43aac0f4116b3d89fdbe973ba92c6cfb0d998"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/bildsben/iTunesRPC-Remastered/commit/54b02d9f3a94de94e4fb471908b8cf798e62e411"}], "source": {"advisory": "GHSA-3xpp-rhqx-cw96", "discovery": "UNKNOWN"}, "title": "Code injection in iTunesRPC-Remastered ", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-23603", "STATE": "PUBLIC", "TITLE": "Code injection in iTunesRPC-Remastered "}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "iTunesRPC-Remastered is a discord rich presence application for use with iTunes & Apple Music. In code before commit 24f43aa user input is not properly sanitized and code injection is possible. Users are advised to upgrade as soon as is possible. There are no known workarounds for this issue."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/bildsben/iTunesRPC-Remastered/security/advisories/GHSA-3xpp-rhqx-cw96", "refsource": "CONFIRM", "url": "https://github.com/bildsben/iTunesRPC-Remastered/security/advisories/GHSA-3xpp-rhqx-cw96"}, {"name": "https://github.com/bildsben/iTunesRPC-Remastered/commit/24f43aac0f4116b3d89fdbe973ba92c6cfb0d998", "refsource": "MISC", "url": "https://github.com/bildsben/iTunesRPC-Remastered/commit/24f43aac0f4116b3d89fdbe973ba92c6cfb0d998"}, {"name": "https://github.com/bildsben/iTunesRPC-Remastered/commit/54b02d9f3a94de94e4fb471908b8cf798e62e411", "refsource": "MISC", "url": "https://github.com/bildsben/iTunesRPC-Remastered/commit/54b02d9f3a94de94e4fb471908b8cf798e62e411"}]}, "source": {"advisory": "GHSA-3xpp-rhqx-cw96", "discovery": "UNKNOWN"}}}}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-23603", "datePublished": "2022-02-01T10:43:59", "dateReserved": "2022-01-19T00:00:00", "dateUpdated": "2022-02-01T10:43:59", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:itunesrpc-remastered_project:itunesrpc-remastered:-:*:*:*:*:*:*:*", "matchCriteriaId": "C6C22451-4974-430A-85CC-E266A4A5FB19", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "iTunesRPC-Remastered is a discord rich presence application for use with iTunes & Apple Music. In code before commit 24f43aa user input is not properly sanitized and code injection is possible. Users are advised to upgrade as soon as is possible. There are no known workarounds for this issue."}, {"lang": "es", "value": "iTunesRPC-Remastered es una aplicaci\u00f3n de mucha presencia en discord para su uso con iTunes y Apple Music. En el c\u00f3digo anterior al commit 24f43aa la entrada del usuario no es saneada apropiadamente y es posible una inyecci\u00f3n de c\u00f3digo. Se recomienda a usuarios que actualicen lo antes posible. No se conocen medidas de mitigaci\u00f3n adicionales para este problema"}], "id": "CVE-2022-23603", "lastModified": "2023-06-27T02:39:56.183", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.3, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2022-02-01T11:15:11.493", "references": [{"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/bildsben/iTunesRPC-Remastered/commit/24f43aac0f4116b3d89fdbe973ba92c6cfb0d998"}, {"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/bildsben/iTunesRPC-Remastered/commit/54b02d9f3a94de94e4fb471908b8cf798e62e411"}, {"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/bildsben/iTunesRPC-Remastered/security/advisories/GHSA-3xpp-rhqx-cw96"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-116"}], "source": "nvd@nist.gov", "type": "Primary"}]}