VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-n8u8-pmvh-aaam

Essentials
Severities (122)
References (41)
Severity details (31)
Exploits (0)
EPSS
History (0)

Vulnerability ID	VCID-n8u8-pmvh-aaam
Aliases	BIT-2022-22818 BIT-django-2022-22818 CVE-2022-22818 GHSA-95rw-fx8r-36v6 PYSEC-2022-19
Summary	The {% debug %} template tag in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2 does not properly encode the current context. This may lead to XSS.
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-79	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
rhas	Moderate	https://access.redhat.com/errata/RHSA-2022:5498
cvssv3	6.1	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22818.json
epss	0.00469	https://api.first.org/data/v1/epss?cve=CVE-2022-22818
epss	0.00469	https://api.first.org/data/v1/epss?cve=CVE-2022-22818
epss	0.00469	https://api.first.org/data/v1/epss?cve=CVE-2022-22818
epss	0.00469	https://api.first.org/data/v1/epss?cve=CVE-2022-22818
epss	0.00548	https://api.first.org/data/v1/epss?cve=CVE-2022-22818
epss	0.00548	https://api.first.org/data/v1/epss?cve=CVE-2022-22818
epss	0.00548	https://api.first.org/data/v1/epss?cve=CVE-2022-22818
epss	0.00552	https://api.first.org/data/v1/epss?cve=CVE-2022-22818
epss	0.00552	https://api.first.org/data/v1/epss?cve=CVE-2022-22818
epss	0.00552	https://api.first.org/data/v1/epss?cve=CVE-2022-22818
epss	0.00552	https://api.first.org/data/v1/epss?cve=CVE-2022-22818
epss	0.00552	https://api.first.org/data/v1/epss?cve=CVE-2022-22818
epss	0.00552	https://api.first.org/data/v1/epss?cve=CVE-2022-22818
epss	0.00552	https://api.first.org/data/v1/epss?cve=CVE-2022-22818
epss	0.00552	https://api.first.org/data/v1/epss?cve=CVE-2022-22818
epss	0.00552	https://api.first.org/data/v1/epss?cve=CVE-2022-22818
epss	0.00552	https://api.first.org/data/v1/epss?cve=CVE-2022-22818
epss	0.00552	https://api.first.org/data/v1/epss?cve=CVE-2022-22818
epss	0.00552	https://api.first.org/data/v1/epss?cve=CVE-2022-22818
epss	0.00552	https://api.first.org/data/v1/epss?cve=CVE-2022-22818
epss	0.00552	https://api.first.org/data/v1/epss?cve=CVE-2022-22818
epss	0.00552	https://api.first.org/data/v1/epss?cve=CVE-2022-22818
epss	0.00552	https://api.first.org/data/v1/epss?cve=CVE-2022-22818
epss	0.00552	https://api.first.org/data/v1/epss?cve=CVE-2022-22818
epss	0.00552	https://api.first.org/data/v1/epss?cve=CVE-2022-22818
epss	0.00552	https://api.first.org/data/v1/epss?cve=CVE-2022-22818
epss	0.00552	https://api.first.org/data/v1/epss?cve=CVE-2022-22818
epss	0.00552	https://api.first.org/data/v1/epss?cve=CVE-2022-22818
epss	0.00552	https://api.first.org/data/v1/epss?cve=CVE-2022-22818
epss	0.00552	https://api.first.org/data/v1/epss?cve=CVE-2022-22818
epss	0.00552	https://api.first.org/data/v1/epss?cve=CVE-2022-22818
epss	0.00552	https://api.first.org/data/v1/epss?cve=CVE-2022-22818
epss	0.00552	https://api.first.org/data/v1/epss?cve=CVE-2022-22818
epss	0.00552	https://api.first.org/data/v1/epss?cve=CVE-2022-22818
epss	0.00552	https://api.first.org/data/v1/epss?cve=CVE-2022-22818
epss	0.00552	https://api.first.org/data/v1/epss?cve=CVE-2022-22818
epss	0.00564	https://api.first.org/data/v1/epss?cve=CVE-2022-22818
epss	0.00564	https://api.first.org/data/v1/epss?cve=CVE-2022-22818
epss	0.00564	https://api.first.org/data/v1/epss?cve=CVE-2022-22818
epss	0.00564	https://api.first.org/data/v1/epss?cve=CVE-2022-22818
epss	0.00564	https://api.first.org/data/v1/epss?cve=CVE-2022-22818
epss	0.00564	https://api.first.org/data/v1/epss?cve=CVE-2022-22818
epss	0.00564	https://api.first.org/data/v1/epss?cve=CVE-2022-22818
epss	0.00564	https://api.first.org/data/v1/epss?cve=CVE-2022-22818
epss	0.00564	https://api.first.org/data/v1/epss?cve=CVE-2022-22818
epss	0.00564	https://api.first.org/data/v1/epss?cve=CVE-2022-22818
epss	0.00582	https://api.first.org/data/v1/epss?cve=CVE-2022-22818
epss	0.00582	https://api.first.org/data/v1/epss?cve=CVE-2022-22818
epss	0.00582	https://api.first.org/data/v1/epss?cve=CVE-2022-22818
epss	0.00582	https://api.first.org/data/v1/epss?cve=CVE-2022-22818
epss	0.00582	https://api.first.org/data/v1/epss?cve=CVE-2022-22818
epss	0.00582	https://api.first.org/data/v1/epss?cve=CVE-2022-22818
epss	0.00582	https://api.first.org/data/v1/epss?cve=CVE-2022-22818
epss	0.00582	https://api.first.org/data/v1/epss?cve=CVE-2022-22818
epss	0.00582	https://api.first.org/data/v1/epss?cve=CVE-2022-22818
epss	0.00582	https://api.first.org/data/v1/epss?cve=CVE-2022-22818
epss	0.00599	https://api.first.org/data/v1/epss?cve=CVE-2022-22818
epss	0.00599	https://api.first.org/data/v1/epss?cve=CVE-2022-22818
epss	0.00599	https://api.first.org/data/v1/epss?cve=CVE-2022-22818
epss	0.00599	https://api.first.org/data/v1/epss?cve=CVE-2022-22818
epss	0.00599	https://api.first.org/data/v1/epss?cve=CVE-2022-22818
epss	0.00599	https://api.first.org/data/v1/epss?cve=CVE-2022-22818
epss	0.00599	https://api.first.org/data/v1/epss?cve=CVE-2022-22818
epss	0.00599	https://api.first.org/data/v1/epss?cve=CVE-2022-22818
epss	0.00599	https://api.first.org/data/v1/epss?cve=CVE-2022-22818
epss	0.00599	https://api.first.org/data/v1/epss?cve=CVE-2022-22818
epss	0.00599	https://api.first.org/data/v1/epss?cve=CVE-2022-22818
epss	0.00599	https://api.first.org/data/v1/epss?cve=CVE-2022-22818
epss	0.00599	https://api.first.org/data/v1/epss?cve=CVE-2022-22818
epss	0.00599	https://api.first.org/data/v1/epss?cve=CVE-2022-22818
epss	0.00599	https://api.first.org/data/v1/epss?cve=CVE-2022-22818
epss	0.00599	https://api.first.org/data/v1/epss?cve=CVE-2022-22818
epss	0.00599	https://api.first.org/data/v1/epss?cve=CVE-2022-22818
epss	0.00599	https://api.first.org/data/v1/epss?cve=CVE-2022-22818
epss	0.00599	https://api.first.org/data/v1/epss?cve=CVE-2022-22818
epss	0.00599	https://api.first.org/data/v1/epss?cve=CVE-2022-22818
epss	0.00599	https://api.first.org/data/v1/epss?cve=CVE-2022-22818
epss	0.00599	https://api.first.org/data/v1/epss?cve=CVE-2022-22818
epss	0.00599	https://api.first.org/data/v1/epss?cve=CVE-2022-22818
epss	0.00599	https://api.first.org/data/v1/epss?cve=CVE-2022-22818
epss	0.00599	https://api.first.org/data/v1/epss?cve=CVE-2022-22818
epss	0.00599	https://api.first.org/data/v1/epss?cve=CVE-2022-22818
epss	0.00599	https://api.first.org/data/v1/epss?cve=CVE-2022-22818
epss	0.00599	https://api.first.org/data/v1/epss?cve=CVE-2022-22818
epss	0.00599	https://api.first.org/data/v1/epss?cve=CVE-2022-22818
epss	0.00599	https://api.first.org/data/v1/epss?cve=CVE-2022-22818
epss	0.00794	https://api.first.org/data/v1/epss?cve=CVE-2022-22818
epss	0.00794	https://api.first.org/data/v1/epss?cve=CVE-2022-22818
epss	0.00917	https://api.first.org/data/v1/epss?cve=CVE-2022-22818
rhbs	medium	https://bugzilla.redhat.com/show_bug.cgi?id=2048775
cvssv3.1	7.5	https://docs.djangoproject.com/en/4.0/releases/security
generic_textual	HIGH	https://docs.djangoproject.com/en/4.0/releases/security
cvssv3.1	5	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr	MODERATE	https://github.com/advisories/GHSA-95rw-fx8r-36v6
cvssv3.1	3.7	https://github.com/django/django
generic_textual	MODERATE	https://github.com/django/django
cvssv3.1	6.1	https://github.com/django/django/commit/01422046065d2b51f8f613409cad2c81b39487e5
generic_textual	MODERATE	https://github.com/django/django/commit/01422046065d2b51f8f613409cad2c81b39487e5
cvssv3.1	6.1	https://github.com/django/django/commit/1a1e8278c46418bde24c86a65443b0674bae65e2
generic_textual	MODERATE	https://github.com/django/django/commit/1a1e8278c46418bde24c86a65443b0674bae65e2
cvssv3.1	6.1	https://github.com/django/django/commit/c27a7eb9f40b64990398978152e62b6ff839c2e6
generic_textual	MODERATE	https://github.com/django/django/commit/c27a7eb9f40b64990398978152e62b6ff839c2e6
cvssv3.1	6.1	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-19.yaml
generic_textual	MODERATE	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-19.yaml
cvssv3.1	3.7	https://groups.google.com/forum/#%21forum/django-announce
generic_textual	MODERATE	https://groups.google.com/forum/#%21forum/django-announce
cvssv3.1	7.5	https://groups.google.com/forum/#!forum/django-announce
generic_textual	HIGH	https://groups.google.com/forum/#!forum/django-announce
cvssv3.1	7.5	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV
generic_textual	HIGH	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV
cvssv2	4.3	https://nvd.nist.gov/vuln/detail/CVE-2022-22818
cvssv3	6.1	https://nvd.nist.gov/vuln/detail/CVE-2022-22818
cvssv3.1	6.1	https://nvd.nist.gov/vuln/detail/CVE-2022-22818
archlinux	Unknown	https://security.archlinux.org/AVG-2808
cvssv3.1	7.5	https://security.netapp.com/advisory/ntap-20220221-0003
generic_textual	HIGH	https://security.netapp.com/advisory/ntap-20220221-0003
cvssv3.1	8.8	https://www.debian.org/security/2022/dsa-5254
generic_textual	HIGH	https://www.debian.org/security/2022/dsa-5254
cvssv3.1	7.5	https://www.djangoproject.com/weblog/2022/feb/01/security-releases
generic_textual	HIGH	https://www.djangoproject.com/weblog/2022/feb/01/security-releases

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22818.json
		https://api.first.org/data/v1/epss?cve=CVE-2022-22818
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22818
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23833
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28346
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28347
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34265
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36359
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41323
		https://docs.djangoproject.com/en/4.0/releases/security
		https://docs.djangoproject.com/en/4.0/releases/security/
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://github.com/django/django
		https://github.com/django/django/commit/01422046065d2b51f8f613409cad2c81b39487e5
		https://github.com/django/django/commit/1a1e8278c46418bde24c86a65443b0674bae65e2
		https://github.com/django/django/commit/c27a7eb9f40b64990398978152e62b6ff839c2e6
		https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-19.yaml
		https://groups.google.com/forum/#%21forum/django-announce
		https://groups.google.com/forum/#!forum/django-announce
		https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV/
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV/
		https://security.netapp.com/advisory/ntap-20220221-0003
		https://security.netapp.com/advisory/ntap-20220221-0003/
		https://www.debian.org/security/2022/dsa-5254
		https://www.djangoproject.com/weblog/2022/feb/01/security-releases
		https://www.djangoproject.com/weblog/2022/feb/01/security-releases/
1004752		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004752
2048775		https://bugzilla.redhat.com/show_bug.cgi?id=2048775
AVG-2808		https://security.archlinux.org/AVG-2808
cpe:2.3:a:djangoproject:django::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django::::::::
cpe:2.3:o:debian:debian_linux:11.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:11.0:::::::*
cpe:2.3:o:fedoraproject:fedora:35:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:35:::::::*
CVE-2022-22818		https://nvd.nist.gov/vuln/detail/CVE-2022-22818
GHSA-95rw-fx8r-36v6		https://github.com/advisories/GHSA-95rw-fx8r-36v6
RHSA-2022:5498		https://access.redhat.com/errata/RHSA-2022:5498
RHSA-2022:8506		https://access.redhat.com/errata/RHSA-2022:8506
RHSA-2022:8853		https://access.redhat.com/errata/RHSA-2022:8853
RHSA-2022:8872		https://access.redhat.com/errata/RHSA-2022:8872
USN-5269-1		https://usn.ubuntu.com/5269-1/
USN-5269-2		https://usn.ubuntu.com/5269-2/

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22818.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://docs.djangoproject.com/en/4.0/releases/security

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/django/django

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/django/django/commit/01422046065d2b51f8f613409cad2c81b39487e5

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/django/django/commit/1a1e8278c46418bde24c86a65443b0674bae65e2

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/django/django/commit/c27a7eb9f40b64990398978152e62b6ff839c2e6

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-19.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://groups.google.com/forum/#%21forum/django-announce

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://groups.google.com/forum/#!forum/django-announce

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2022-22818

Exploitability (E)	Access Vector (AV)	Access Complexity (AC)	Authentication (Au)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
high functional unproven proof_of_concept not_defined	local adjacent_network network	high medium low	multiple single none	none partial complete	none partial complete	none partial complete

Exploitability (E)

Access Vector (AV)

Access Complexity (AC)

Authentication (Au)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

partial

complete

none

partial

complete

none

partial

complete

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2022-22818

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2022-22818

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://security.netapp.com/advisory/ntap-20220221-0003

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://www.debian.org/security/2022/dsa-5254

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://www.djangoproject.com/weblog/2022/feb/01/security-releases

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.75278
EPSS Score	0.00469
Published At	Dec. 17, 2024, midnight

Date	Actor	Action	Source	VulnerableCode Version
There are no relevant records.