CVE-2022-24637

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-24637

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-24637.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-24637

Aliases

GHSA-pr9q-v585-qv2w

Published

2022-03-18T16:15:08Z

Modified

2024-05-15T01:15:42.554281Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Open Web Analytics (OWA) before 1.7.4 allows an unauthenticated remote attacker to obtain sensitive user information, which can be used to gain admin privileges by leveraging cache hashes. This occurs because files generated with '

References

Affected packages

Git / github.com/open-web-analytics/open-web-analytics

Affected ranges

Type: GIT
Repo: https://github.com/open-web-analytics/open-web-analytics
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

f2763b17fc88af8465de151004e698a51ec9c8a5

Affected versions

1.*

1.5.8

1.5.9

1.6.0

1.6.1

1.6.2

1.6.3

1.6.4

1.6.7

1.6.8

1.7.0

1.7.1