{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2022-1996","assignerOrgId":"c09c270a-b464-47c1-9133-acb35b22c19a","assignerShortName":"@huntrdev","dateUpdated":"2024-08-03T00:24:43.677Z","dateReserved":"2022-06-06T00:00:00.000Z","datePublished":"2022-06-06T00:00:00.000Z"},"containers":{"cna":{"title":"Authorization Bypass Through User-Controlled Key in emicklei/go-restful","providerMetadata":{"orgId":"c09c270a-b464-47c1-9133-acb35b22c19a","shortName":"@huntrdev","dateUpdated":"2023-02-23T00:00:00.000Z"},"descriptions":[{"lang":"en","value":"Authorization Bypass Through User-Controlled Key in GitHub repository emicklei/go-restful prior to v3.8.0."}],"affected":[{"vendor":"emicklei","product":"emicklei/go-restful","versions":[{"version":"unspecified","lessThan":"v3.8.0","status":"affected","versionType":"custom"}]}],"references":[{"url":"https://huntr.dev/bounties/be837427-415c-4d8c-808b-62ce20aa84f1"},{"url":"https://github.com/emicklei/go-restful/commit/fd3c327a379ce08c68ef18765bdc925f5d9bad10"},{"name":"FEDORA-2022-185697ef56","tags":["vendor-advisory"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OBDD3Q23RCGAGHIXUCWBU6N3S4RNAKXB/"},{"name":"FEDORA-2022-589a0ad690","tags":["vendor-advisory"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/575BLJ3Y2EQBRNTFR2OSQQ6L2W6UCST3/"},{"name":"FEDORA-2022-fae3ecee19","tags":["vendor-advisory"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR/"},{"name":"FEDORA-2022-ba365d3703","tags":["vendor-advisory"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5/"},{"name":"FEDORA-2022-30c5ed5625","tags":["vendor-advisory"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6/"},{"url":"https://security.netapp.com/advisory/ntap-20220923-0005/"},{"name":"FEDORA-2023-6550d9323b","tags":["vendor-advisory"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W56PP46JVZEKCANBKXFKRVSBBRRMCY6V/"},{"name":"FEDORA-2023-4e2068ba5d","tags":["vendor-advisory"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZGQKWD6SE75PFBPFVSZYAKAVXKBZXKWS/"},{"name":"FEDORA-2023-c9b2182a4e","tags":["vendor-advisory"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SO5QC2JFW2PXBWAE27OYYYL5SPFUBHTY/"}],"metrics":[{"cvssV3_0":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE","baseScore":9.3,"baseSeverity":"CRITICAL"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-639 Authorization Bypass Through User-Controlled Key","cweId":"CWE-639"}]}],"source":{"advisory":"be837427-415c-4d8c-808b-62ce20aa84f1","discovery":"EXTERNAL"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T00:24:43.677Z"},"title":"CVE Program Container","references":[{"url":"https://huntr.dev/bounties/be837427-415c-4d8c-808b-62ce20aa84f1","tags":["x_transferred"]},{"url":"https://github.com/emicklei/go-restful/commit/fd3c327a379ce08c68ef18765bdc925f5d9bad10","tags":["x_transferred"]},{"name":"FEDORA-2022-185697ef56","tags":["vendor-advisory","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OBDD3Q23RCGAGHIXUCWBU6N3S4RNAKXB/"},{"name":"FEDORA-2022-589a0ad690","tags":["vendor-advisory","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/575BLJ3Y2EQBRNTFR2OSQQ6L2W6UCST3/"},{"name":"FEDORA-2022-fae3ecee19","tags":["vendor-advisory","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR/"},{"name":"FEDORA-2022-ba365d3703","tags":["vendor-advisory","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5/"},{"name":"FEDORA-2022-30c5ed5625","tags":["vendor-advisory","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6/"},{"url":"https://security.netapp.com/advisory/ntap-20220923-0005/","tags":["x_transferred"]},{"name":"FEDORA-2023-6550d9323b","tags":["vendor-advisory","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W56PP46JVZEKCANBKXFKRVSBBRRMCY6V/"},{"name":"FEDORA-2023-4e2068ba5d","tags":["vendor-advisory","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZGQKWD6SE75PFBPFVSZYAKAVXKBZXKWS/"},{"name":"FEDORA-2023-c9b2182a4e","tags":["vendor-advisory","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SO5QC2JFW2PXBWAE27OYYYL5SPFUBHTY/"}]}]}}