GHSA-pr9q-v585-qv2w
Suggest an improvement- Source
- https://github.com/advisories/GHSA-pr9q-v585-qv2w
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/03/GHSA-pr9q-v585-qv2w/GHSA-pr9q-v585-qv2w.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-pr9q-v585-qv2w
- Aliases
- Published
- 2022-03-19T00:01:00Z
- Modified
- 2023-11-08T04:08:32.286830Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- Improper Privilege Management in Open Web Analytics
- Details
-
Open Web Analytics (OWA) before 1.7.4 allows an unauthenticated remote attacker to obtain sensitive user information, which can be used to gain admin privileges by leveraging cache hashes. This occurs because files generated with '
- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2022-24637
- https://devel0pment.de/?p=2494
- https://github.com/Open-Web-Analytics/Open-Web-Analytics
- https://github.com/Open-Web-Analytics/Open-Web-Analytics/releases/tag/1.7.4
- http://packetstormsecurity.com/files/169811/Open-Web-Analytics-1.7.3-Remote-Code-Execution.html
- http://packetstormsecurity.com/files/171389/Open-Web-Analytics-1.7.3-Remote-Code-Execution.html
Affected packages
Packagist / open-web-analytics/open-web-analytics
Package
- Name
- open-web-analytics/open-web-analytics
- Purl
- pkg:composer/open-web-analytics/open-web-analytics