Search for vulnerabilities
Vulnerability details: VCID-9494-9tdz-jkeb
Vulnerability ID VCID-9494-9tdz-jkeb
Aliases CVE-2022-45060
VSV00011
Summary An HTTP Request Forgery issue was discovered in Varnish Cache 5.x and 6.x before 6.0.11, 7.x before 7.1.2, and 7.2.x before 7.2.1. An attacker may introduce characters through HTTP/2 pseudo-headers that are invalid in the context of an HTTP/1 request line, causing the Varnish server to produce invalid HTTP/1 requests to the backend. This could, in turn, be used to exploit vulnerabilities in a server behind the Varnish server. Note: the 6.0.x LTS series (before 6.0.11) is affected.
Status Published
Exploitability 0.5
Weighted Severity 6.8
Risk 3.4
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-918 Server-Side Request Forgery (SSRF)
System Score Found at
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-45060.json
epss 0.00329 https://api.first.org/data/v1/epss?cve=CVE-2022-45060
epss 0.00329 https://api.first.org/data/v1/epss?cve=CVE-2022-45060
epss 0.00329 https://api.first.org/data/v1/epss?cve=CVE-2022-45060
epss 0.00329 https://api.first.org/data/v1/epss?cve=CVE-2022-45060
epss 0.00329 https://api.first.org/data/v1/epss?cve=CVE-2022-45060
epss 0.00329 https://api.first.org/data/v1/epss?cve=CVE-2022-45060
epss 0.00329 https://api.first.org/data/v1/epss?cve=CVE-2022-45060
epss 0.00329 https://api.first.org/data/v1/epss?cve=CVE-2022-45060
epss 0.00329 https://api.first.org/data/v1/epss?cve=CVE-2022-45060
epss 0.00329 https://api.first.org/data/v1/epss?cve=CVE-2022-45060
epss 0.00329 https://api.first.org/data/v1/epss?cve=CVE-2022-45060
epss 0.00329 https://api.first.org/data/v1/epss?cve=CVE-2022-45060
epss 0.00329 https://api.first.org/data/v1/epss?cve=CVE-2022-45060
epss 0.00329 https://api.first.org/data/v1/epss?cve=CVE-2022-45060
cvssv3.1 7.5 https://docs.varnish-software.com/security/VSV00011
ssvc Track https://docs.varnish-software.com/security/VSV00011
cvssv3.1 7.5 https://lists.debian.org/debian-lts-announce/2022/11/msg00036.html
ssvc Track https://lists.debian.org/debian-lts-announce/2022/11/msg00036.html
cvssv3.1 7.5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G6ZMOZVBLZXHEV5VRW4I4SOWLQEK5OF5/
ssvc Track https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G6ZMOZVBLZXHEV5VRW4I4SOWLQEK5OF5/
cvssv3.1 7.5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M4KVVCIQVINQQ2D7ORNARSYALMJUMP3I/
ssvc Track https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M4KVVCIQVINQQ2D7ORNARSYALMJUMP3I/
cvssv3.1 7.5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XGF6LFTHXCSYMYUX5HLMVXQH3WHCSFLU/
ssvc Track https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XGF6LFTHXCSYMYUX5HLMVXQH3WHCSFLU/
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-45060
cvssv3.1 7.5 https://varnish-cache.org/security/VSV00011.html
ssvc Track https://varnish-cache.org/security/VSV00011.html
cvssv3.1 7.5 https://www.debian.org/security/2023/dsa-5334
ssvc Track https://www.debian.org/security/2023/dsa-5334
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-45060.json
https://api.first.org/data/v1/epss?cve=CVE-2022-45060
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45060
https://docs.varnish-software.com/security/VSV00011
https://lists.debian.org/debian-lts-announce/2022/11/msg00036.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G6ZMOZVBLZXHEV5VRW4I4SOWLQEK5OF5/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M4KVVCIQVINQQ2D7ORNARSYALMJUMP3I/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XGF6LFTHXCSYMYUX5HLMVXQH3WHCSFLU/
https://varnish-cache.org/security/VSV00011.html
https://www.debian.org/security/2023/dsa-5334
1023751 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1023751
2141844 https://bugzilla.redhat.com/show_bug.cgi?id=2141844
cpe:2.3:a:varnish_cache_project:varnish_cache:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:varnish_cache_project:varnish_cache:*:*:*:*:*:*:*:*
cpe:2.3:a:varnish_cache_project:varnish_cache:7.2.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:varnish_cache_project:varnish_cache:7.2.0:*:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:lts:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:lts:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.0:-:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.0:-:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.0:r0:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.0:r0:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.0:r1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.0:r1:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.0:r2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.0:r2:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.10:r1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.10:r1:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.10:r2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.10:r2:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.1:r1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.1:r1:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.1:r2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.1:r2:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.1:r3:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.1:r3:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.1:r4:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.1:r4:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.1:r5:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.1:r5:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.2:r1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.2:r1:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.3:r1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.3:r1:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.3:r2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.3:r2:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.3:r3:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.3:r3:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.3:r4:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.3:r4:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.3:r5:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.3:r5:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.3:r6:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.3:r6:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.3:r7:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.3:r7:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.3:r8:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.3:r8:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.3:r9:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.3:r9:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.4:r1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.4:r1:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.4:r2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.4:r2:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.4:r3:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.4:r3:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.5:r1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.5:r1:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.5:r2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.5:r2:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.5:r3:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.5:r3:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.6:r1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.6:r1:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.6:r10:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.6:r10:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.6:r2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.6:r2:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.6:r3:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.6:r3:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.6:r4:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.6:r4:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.6:r5:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.6:r5:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.6:r6:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.6:r6:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.6:r7:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.6:r7:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.6:r8:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.6:r8:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.6:r9:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.6:r9:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.7:r1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.7:r1:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.7:r2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.7:r2:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.7:r3:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.7:r3:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.8:r1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.8:r1:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.8:r2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.8:r2:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.8:r3:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.8:r3:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.8:r4:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.8:r4:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.8:r5:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.8:r5:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.8:r6:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.8:r6:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.8:r7:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.8:r7:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.9:r1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.9:r1:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.9:r2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.9:r2:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.9:r3:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.9:r3:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.9:r4:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.9:r4:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.9:r5:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.9:r5:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.9:r6:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.9:r6:*:*:*:*:*:*
cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.9:r7:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:varnish-software:varnish_cache_plus:6.0.9:r7:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
CVE-2022-45060 https://nvd.nist.gov/vuln/detail/CVE-2022-45060
RHSA-2022:8643 https://access.redhat.com/errata/RHSA-2022:8643
RHSA-2022:8644 https://access.redhat.com/errata/RHSA-2022:8644
RHSA-2022:8645 https://access.redhat.com/errata/RHSA-2022:8645
RHSA-2022:8646 https://access.redhat.com/errata/RHSA-2022:8646
RHSA-2022:8647 https://access.redhat.com/errata/RHSA-2022:8647
RHSA-2022:8649 https://access.redhat.com/errata/RHSA-2022:8649
RHSA-2022:8650 https://access.redhat.com/errata/RHSA-2022:8650
RHSA-2023:0673 https://access.redhat.com/errata/RHSA-2023:0673
USN-7372-1 https://usn.ubuntu.com/7372-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-45060.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://docs.varnish-software.com/security/VSV00011
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-01T14:28:14Z/ Found at https://docs.varnish-software.com/security/VSV00011
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://lists.debian.org/debian-lts-announce/2022/11/msg00036.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-01T14:28:14Z/ Found at https://lists.debian.org/debian-lts-announce/2022/11/msg00036.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G6ZMOZVBLZXHEV5VRW4I4SOWLQEK5OF5/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-01T14:28:14Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G6ZMOZVBLZXHEV5VRW4I4SOWLQEK5OF5/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M4KVVCIQVINQQ2D7ORNARSYALMJUMP3I/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-01T14:28:14Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M4KVVCIQVINQQ2D7ORNARSYALMJUMP3I/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XGF6LFTHXCSYMYUX5HLMVXQH3WHCSFLU/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-01T14:28:14Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XGF6LFTHXCSYMYUX5HLMVXQH3WHCSFLU/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2022-45060
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://varnish-cache.org/security/VSV00011.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-01T14:28:14Z/ Found at https://varnish-cache.org/security/VSV00011.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://www.debian.org/security/2023/dsa-5334
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-01T14:28:14Z/ Found at https://www.debian.org/security/2023/dsa-5334
Exploit Prediction Scoring System (EPSS)
Percentile 0.55245
EPSS Score 0.00329
Published At June 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-01T12:20:35.321386+00:00 Ubuntu USN Importer Import https://usn.ubuntu.com/7372-1/ 36.1.3