seccome Ehoney /api/public/signup 权限升级

条目历史jsonxmlCTI

在seccome Ehoney中曾发现一漏洞，此漏洞被评为致命。此漏洞会影响某些未知进程文件/api/public/signup。手动调试的不合法输入可导致权限升级。漏洞的CWE定义是 CWE-284。此漏洞的脆弱性 2022-10-28所披露。分享公告的网址是vuldb.com。该漏洞被标识为CVE-2022-3735，成功的攻击必须要先进入局域网。有技术细节可用。此外还有一个漏洞可利用。当前漏洞利用价值为美元大约是 $0-$5k。 MITRE ATT&CK项目使用攻击技术T1068来解决该问题。它被宣布为proof-of-concept。我们估计的零日攻击价值约为$0-$5k。该漏洞被披露后，此前未曾发表过可能的缓解措施。

字段	2022-10-28 07時47分	2022-11-26 09時26分	2022-11-26 09時30分
cvss2_vuldb_au	N	N	N
cvss2_vuldb_ci	P	P	P
cvss2_vuldb_ii	P	P	P
cvss2_vuldb_ai	P	P	P
cvss2_vuldb_e	POC	POC	POC
cvss2_vuldb_rc	UR	UR	UR
cvss2_vuldb_av	A	A	A
cvss2_vuldb_rl	ND	ND	ND
cvss3_vuldb_av	A	A	A
cvss3_vuldb_rl	X	X	X
cvss2_vuldb_basescore	5.8	5.8	5.8
cvss2_vuldb_tempscore	5.0	5.0	5.0
cvss3_vuldb_basescore	6.3	6.3	6.3
cvss3_vuldb_tempscore	5.7	5.7	5.7
cvss3_meta_basescore	6.3	6.3	7.5
cvss3_meta_tempscore	5.7	5.7	7.3
price_0day	$0-$5k	$0-$5k	$0-$5k
vendor	seccome	seccome	seccome
name	Ehoney	Ehoney	Ehoney
file	/api/public/signup	/api/public/signup	/api/public/signup
cwe	284 (权限升级)	284 (权限升级)	284 (权限升级)
risk	2	2	2
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_pr	N	N	N
cvss3_vuldb_ui	N	N	N
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	L	L	L
cvss3_vuldb_i	L	L	L
cvss3_vuldb_a	L	L	L
cvss3_vuldb_e	P	P	P
cvss3_vuldb_rc	R	R	R
availability	1	1	1
cve	CVE-2022-3735	CVE-2022-3735	CVE-2022-3735
responsible	VulDB	VulDB	VulDB
date	1666908000 (2022-10-28)	1666908000 (2022-10-28)	1666908000 (2022-10-28)
cvss2_vuldb_ac	L	L	L
url		https://vuldb.com/?id.212417	https://vuldb.com/?id.212417
cve_assigned		1666908000 (2022-10-28)	1666908000 (2022-10-28)
cve_nvd_summary		A vulnerability was found in seccome Ehoney. It has been rated as critical. This issue affects some unknown processing of the file /api/public/signup. The manipulation leads to improper access controls. The identifier VDB-212417 was assigned to this vulnerability.	A vulnerability was found in seccome Ehoney. It has been rated as critical. This issue affects some unknown processing of the file /api/public/signup. The manipulation leads to improper access controls. The identifier VDB-212417 was assigned to this vulnerability.
cvss3_nvd_av			N
cvss3_nvd_ac			L
cvss3_nvd_pr			N
cvss3_nvd_ui			N
cvss3_nvd_s			U
cvss3_nvd_c			H
cvss3_nvd_i			H
cvss3_nvd_a			H
cvss3_cna_av			A
cvss3_cna_ac			L
cvss3_cna_pr			N
cvss3_cna_ui			N
cvss3_cna_s			U
cvss3_cna_c			L
cvss3_cna_i			L
cvss3_cna_a			L
cve_cna			VulDB
cvss3_nvd_basescore			9.8
cvss3_cna_basescore			6.3

◂ 上一步一览下一步 ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!