CVE-2022-1365

Published: Apr 15, 2022Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository lquixada/cross-fetch prior to 3.1.5.

Affected (1)

Products: Cross Fetch Project: Cross Fetch

Cross Fetch Project

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Cross Fetch Project Cross Fetch	Before 3.1.5

Related CWEs

Exposure of Private Personal Information to an Unauthorized Actor

The product does not properly prevent a person's private, personal information from being accessed by actors who either (1) are not explicitly authorized to access the information or (2) do not have the implicit consent of the person about whom the information is collected.

Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (4)

https://github.com/lquixada/cross-fetch/commit/a3b3a9481091ddd06b8f83784ba9c4e034dc912a

Source: security@huntr.dev

PatchThird Party Advisory

https://huntr.dev/bounties/ab55dfdd-2a60-437a-a832-e3efe3d264ac

Source: security@huntr.dev

ExploitPatchThird Party Advisory

https://github.com/lquixada/cross-fetch/commit/a3b3a9481091ddd06b8f83784ba9c4e034dc912a

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://huntr.dev/bounties/ab55dfdd-2a60-437a-a832-e3efe3d264ac

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatchThird Party Advisory

Timeline

No history available yet.