CVE-2022-47551
CVE-2022-47551 is a medium-severity vulnerability rated 6.5/10 on the CVSS scale. Apiman 1.5.7 through 2.2.3.Final has insufficient checks for read permissions within the Apiman Manager REST API. The root cause of the issue is the Apiman project's accidental acceptance of a large contribution that was not fully compatible with the security model of Apiman versions before 3.0.0.Final. EPSS estimates a 0.60% chance of exploitation in the next 30 days.
Description
Apiman 1.5.7 through 2.2.3.Final has insufficient checks for read permissions within the Apiman Manager REST API. The root cause of the issue is the Apiman project's accidental acceptance of a large contribution that was not fully compatible with the security model of Apiman versions before 3.0.0.Final. Because of this, 3.0.0.Final is not affected by the vulnerability.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Apiman | Apiman | >= 1.5.7, <= 2.2.3 |
References
- https://www.apiman.io/blog/permissions-bypass-disclosure/ (Vendor Advisory)
- https://www.github.com/apiman/apiman (Third Party Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
