CVE-2022-1681

Source
https://cve.org/CVERecord?id=CVE-2022-1681
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-1681.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-1681
Published
2022-05-12T07:45:14Z
Modified
2026-07-08T06:00:49.678787754Z
Severity
  • 7.2 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
Authentication Bypass Using an Alternate Path or Channel in requarks/wiki
Details

Authentication Bypass Using an Alternate Path or Channel in GitHub repository requarks/wiki prior to 2.5.281. User can get root user permissions

Database specific
{
    "cna_assigner": "@huntrdev",
    "cwe_ids": [
        "CWE-288"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/1xxx/CVE-2022-1681.json"
}
References

Affected packages

Git / github.com/requarks/wiki

Affected ranges

Type
GIT
Repo
https://github.com/requarks/wiki
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed
Database specific
{
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2.5.281"
        }
    ],
    "cpe": "cpe:2.3:a:requarks:wiki.js:*:*:*:*:*:*:*:*",
    "source": [
        "CPE_RANGE",
        "REFERENCES"
    ]
}

Affected versions

2.*
2.0.0-beta.11
2.0.0-beta.115
2.0.0-beta.147
2.0.0-beta.148
2.0.0-beta.174
2.0.0-beta.180
2.0.0-beta.203
2.0.0-beta.208
2.0.0-beta.230
2.0.0-beta.241
2.0.0-beta.267
2.0.0-beta.268
2.0.0-beta.275
2.0.0-beta.303
2.0.0-beta.42
2.0.0-beta.68
2.0.0-beta.84
2.0.0-beta.91
2.0.0-rc.1
2.0.0-rc.17
2.0.1
2.0.12
2.1.113
2.2.50
2.2.51
2.3.71
2.3.72
2.3.77
2.4.105
2.4.107
2.4.75
2.5.105
2.5.117
2.5.121
2.5.126
2.5.132
2.5.136
2.5.144
2.5.159
2.5.170
2.5.191
2.5.197
2.5.201
2.5.214
2.5.219
2.5.254
2.5.255
2.5.260
2.5.264
2.5.268
2.5.272
2.5.274
v1.*
v1.0-alpha.1
v1.0-alpha.2
v1.0-alpha.3
v1.0-alpha.4
v1.0-alpha.5
v1.0-alpha.6
v1.0-alpha.7
v1.0-beta.1
v1.0-beta.2
v1.0-beta.3
v1.0-beta.4
v1.0-beta.5
v1.0.0-beta.10
v1.0.0-beta.11
v1.0.0-beta.12
v1.0.0-beta.13
v1.0.0-beta.6
v1.0.0-beta.7
v1.0.0-beta.8
v1.0.0-beta.9
v1.0.3
v1.0.4
v1.0.5
v1.0.6
v2.*
v2.5.275
v2.5.276
v2.5.277
v2.5.278
v2.5.279
v2.5.280

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-1681.json"