CVE-2022-0203
Published 2022-01-26
CVE-2022-0203: Improper Access Control in GitHub repository crater-invoice/crater prior to 6.0.2.
Priority: P427 | medium | 5.3 | CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS: 1.21% (64.7th percentile)
Improper Access Control in GitHub repository crater-invoice/crater prior to 6.0.2.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| bytefury | crater | >= 0 < 6.0.2 | 6.0.2 |
| crater-invoice | crater-invoice_crater | >= unspecified < 6.0.2 | 6.0.2 |
| craterapp | crater | < 6.0.2 | 6.0.2 |
CVSS provenance
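| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
| nvd | v3.0 | 7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |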
OSV
Missing Authorization in Crater Invoice
osv·2022-01-27
CVE-2022-0203 [MEDIUM] Missing Authorization in Crater Invoice
Crater Invoice prior to version 6.0.2 has a missing authorization vulnerability.
GHSA
Missing Authorization in Crater Invoice
ghsa·2022-01-27
CVE-2022-0203 [MEDIUM] CWE-284 Missing Authorization in Crater Invoice
Crater Invoice prior to version 6.0.2 has a missing authorization vulnerability.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/crater-invoice/crater/commit/dd324c8bb6b17009f82afe8bc830caec7241e992
https://huntr.dev/bounties/395fc553-2b90-4e69-ba07-a316e1c06406
Published: 2022-01-26