VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-qy5g-zjex-aaan

Essentials
Severities (116)
References (30)
Severity details (28)
Exploits (0)
EPSS
History (0)

Vulnerability ID	VCID-qy5g-zjex-aaan
Aliases	CVE-2022-29248 GHSA-cwmx-hcrq-mhc3
Summary	Cross-domain cookie leakage in Guzzle
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (4)

CWE-565	Reliance on Cookies without Validation and Integrity Checking
CWE-200	Exposure of Sensitive Information to an Unauthorized Actor
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
epss	0.00334	https://api.first.org/data/v1/epss?cve=CVE-2022-29248
epss	0.00334	https://api.first.org/data/v1/epss?cve=CVE-2022-29248
epss	0.00334	https://api.first.org/data/v1/epss?cve=CVE-2022-29248
epss	0.00341	https://api.first.org/data/v1/epss?cve=CVE-2022-29248
epss	0.00341	https://api.first.org/data/v1/epss?cve=CVE-2022-29248
epss	0.00341	https://api.first.org/data/v1/epss?cve=CVE-2022-29248
epss	0.00341	https://api.first.org/data/v1/epss?cve=CVE-2022-29248
epss	0.00341	https://api.first.org/data/v1/epss?cve=CVE-2022-29248
epss	0.00341	https://api.first.org/data/v1/epss?cve=CVE-2022-29248
epss	0.00341	https://api.first.org/data/v1/epss?cve=CVE-2022-29248
epss	0.00341	https://api.first.org/data/v1/epss?cve=CVE-2022-29248
epss	0.00341	https://api.first.org/data/v1/epss?cve=CVE-2022-29248
epss	0.00341	https://api.first.org/data/v1/epss?cve=CVE-2022-29248
epss	0.00341	https://api.first.org/data/v1/epss?cve=CVE-2022-29248
epss	0.00341	https://api.first.org/data/v1/epss?cve=CVE-2022-29248
epss	0.00341	https://api.first.org/data/v1/epss?cve=CVE-2022-29248
epss	0.00341	https://api.first.org/data/v1/epss?cve=CVE-2022-29248
epss	0.00341	https://api.first.org/data/v1/epss?cve=CVE-2022-29248
epss	0.00341	https://api.first.org/data/v1/epss?cve=CVE-2022-29248
epss	0.00341	https://api.first.org/data/v1/epss?cve=CVE-2022-29248
epss	0.00341	https://api.first.org/data/v1/epss?cve=CVE-2022-29248
epss	0.00341	https://api.first.org/data/v1/epss?cve=CVE-2022-29248
epss	0.00341	https://api.first.org/data/v1/epss?cve=CVE-2022-29248
epss	0.00341	https://api.first.org/data/v1/epss?cve=CVE-2022-29248
epss	0.00341	https://api.first.org/data/v1/epss?cve=CVE-2022-29248
epss	0.00341	https://api.first.org/data/v1/epss?cve=CVE-2022-29248
epss	0.00341	https://api.first.org/data/v1/epss?cve=CVE-2022-29248
epss	0.00341	https://api.first.org/data/v1/epss?cve=CVE-2022-29248
epss	0.00341	https://api.first.org/data/v1/epss?cve=CVE-2022-29248
epss	0.00341	https://api.first.org/data/v1/epss?cve=CVE-2022-29248
epss	0.00341	https://api.first.org/data/v1/epss?cve=CVE-2022-29248
epss	0.00341	https://api.first.org/data/v1/epss?cve=CVE-2022-29248
epss	0.00341	https://api.first.org/data/v1/epss?cve=CVE-2022-29248
epss	0.00341	https://api.first.org/data/v1/epss?cve=CVE-2022-29248
epss	0.00341	https://api.first.org/data/v1/epss?cve=CVE-2022-29248
epss	0.00341	https://api.first.org/data/v1/epss?cve=CVE-2022-29248
epss	0.00341	https://api.first.org/data/v1/epss?cve=CVE-2022-29248
epss	0.00341	https://api.first.org/data/v1/epss?cve=CVE-2022-29248
epss	0.00341	https://api.first.org/data/v1/epss?cve=CVE-2022-29248
epss	0.00341	https://api.first.org/data/v1/epss?cve=CVE-2022-29248
epss	0.00341	https://api.first.org/data/v1/epss?cve=CVE-2022-29248
epss	0.00341	https://api.first.org/data/v1/epss?cve=CVE-2022-29248
epss	0.00341	https://api.first.org/data/v1/epss?cve=CVE-2022-29248
epss	0.00341	https://api.first.org/data/v1/epss?cve=CVE-2022-29248
epss	0.00341	https://api.first.org/data/v1/epss?cve=CVE-2022-29248
epss	0.00341	https://api.first.org/data/v1/epss?cve=CVE-2022-29248
epss	0.00341	https://api.first.org/data/v1/epss?cve=CVE-2022-29248
epss	0.00341	https://api.first.org/data/v1/epss?cve=CVE-2022-29248
epss	0.00341	https://api.first.org/data/v1/epss?cve=CVE-2022-29248
epss	0.00341	https://api.first.org/data/v1/epss?cve=CVE-2022-29248
epss	0.00341	https://api.first.org/data/v1/epss?cve=CVE-2022-29248
epss	0.00341	https://api.first.org/data/v1/epss?cve=CVE-2022-29248
epss	0.00341	https://api.first.org/data/v1/epss?cve=CVE-2022-29248
epss	0.00341	https://api.first.org/data/v1/epss?cve=CVE-2022-29248
epss	0.00341	https://api.first.org/data/v1/epss?cve=CVE-2022-29248
epss	0.00341	https://api.first.org/data/v1/epss?cve=CVE-2022-29248
epss	0.00341	https://api.first.org/data/v1/epss?cve=CVE-2022-29248
epss	0.00341	https://api.first.org/data/v1/epss?cve=CVE-2022-29248
epss	0.00341	https://api.first.org/data/v1/epss?cve=CVE-2022-29248
epss	0.00341	https://api.first.org/data/v1/epss?cve=CVE-2022-29248
epss	0.00341	https://api.first.org/data/v1/epss?cve=CVE-2022-29248
epss	0.00341	https://api.first.org/data/v1/epss?cve=CVE-2022-29248
epss	0.00341	https://api.first.org/data/v1/epss?cve=CVE-2022-29248
epss	0.00341	https://api.first.org/data/v1/epss?cve=CVE-2022-29248
epss	0.00341	https://api.first.org/data/v1/epss?cve=CVE-2022-29248
epss	0.00341	https://api.first.org/data/v1/epss?cve=CVE-2022-29248
epss	0.00341	https://api.first.org/data/v1/epss?cve=CVE-2022-29248
epss	0.00389	https://api.first.org/data/v1/epss?cve=CVE-2022-29248
epss	0.00397	https://api.first.org/data/v1/epss?cve=CVE-2022-29248
epss	0.00397	https://api.first.org/data/v1/epss?cve=CVE-2022-29248
epss	0.00397	https://api.first.org/data/v1/epss?cve=CVE-2022-29248
epss	0.00397	https://api.first.org/data/v1/epss?cve=CVE-2022-29248
epss	0.00397	https://api.first.org/data/v1/epss?cve=CVE-2022-29248
epss	0.00397	https://api.first.org/data/v1/epss?cve=CVE-2022-29248
epss	0.00397	https://api.first.org/data/v1/epss?cve=CVE-2022-29248
epss	0.00397	https://api.first.org/data/v1/epss?cve=CVE-2022-29248
epss	0.00460	https://api.first.org/data/v1/epss?cve=CVE-2022-29248
epss	0.00460	https://api.first.org/data/v1/epss?cve=CVE-2022-29248
epss	0.00460	https://api.first.org/data/v1/epss?cve=CVE-2022-29248
epss	0.00460	https://api.first.org/data/v1/epss?cve=CVE-2022-29248
epss	0.00460	https://api.first.org/data/v1/epss?cve=CVE-2022-29248
epss	0.00460	https://api.first.org/data/v1/epss?cve=CVE-2022-29248
epss	0.00460	https://api.first.org/data/v1/epss?cve=CVE-2022-29248
epss	0.00460	https://api.first.org/data/v1/epss?cve=CVE-2022-29248
epss	0.00460	https://api.first.org/data/v1/epss?cve=CVE-2022-29248
epss	0.00460	https://api.first.org/data/v1/epss?cve=CVE-2022-29248
epss	0.00460	https://api.first.org/data/v1/epss?cve=CVE-2022-29248
epss	0.01087	https://api.first.org/data/v1/epss?cve=CVE-2022-29248
cvssv3.1_qr	HIGH	https://github.com/advisories/GHSA-cwmx-hcrq-mhc3
cvssv3.1	7.7	https://github.com/guzzle/guzzle
generic_textual	HIGH	https://github.com/guzzle/guzzle
cvssv3.1	8	https://github.com/guzzle/guzzle/commit/74a8602c6faec9ef74b7a9391ac82c5e65b1cdab
cvssv3.1	8.0	https://github.com/guzzle/guzzle/commit/74a8602c6faec9ef74b7a9391ac82c5e65b1cdab
generic_textual	HIGH	https://github.com/guzzle/guzzle/commit/74a8602c6faec9ef74b7a9391ac82c5e65b1cdab
ssvc	Track	https://github.com/guzzle/guzzle/commit/74a8602c6faec9ef74b7a9391ac82c5e65b1cdab
cvssv3.1	8	https://github.com/guzzle/guzzle/pull/3018
cvssv3.1	8.0	https://github.com/guzzle/guzzle/pull/3018
generic_textual	HIGH	https://github.com/guzzle/guzzle/pull/3018
ssvc	Track	https://github.com/guzzle/guzzle/pull/3018
cvssv3.1	8	https://github.com/guzzle/guzzle/security/advisories/GHSA-cwmx-hcrq-mhc3
cvssv3.1	8.0	https://github.com/guzzle/guzzle/security/advisories/GHSA-cwmx-hcrq-mhc3
cvssv3.1_qr	HIGH	https://github.com/guzzle/guzzle/security/advisories/GHSA-cwmx-hcrq-mhc3
generic_textual	HIGH	https://github.com/guzzle/guzzle/security/advisories/GHSA-cwmx-hcrq-mhc3
ssvc	Track	https://github.com/guzzle/guzzle/security/advisories/GHSA-cwmx-hcrq-mhc3
cvssv2	5.8	https://nvd.nist.gov/vuln/detail/CVE-2022-29248
cvssv3	8.1	https://nvd.nist.gov/vuln/detail/CVE-2022-29248
cvssv3.1	8.1	https://nvd.nist.gov/vuln/detail/CVE-2022-29248
archlinux	Unknown	https://security.archlinux.org/AVG-2823
cvssv3.1	7.7	https://www.debian.org/security/2022/dsa-5246
cvssv3.1	8	https://www.debian.org/security/2022/dsa-5246
generic_textual	HIGH	https://www.debian.org/security/2022/dsa-5246
ssvc	Track	https://www.debian.org/security/2022/dsa-5246
cvssv3.1	8	https://www.drupal.org/sa-core-2022-010
cvssv3.1	8.0	https://www.drupal.org/sa-core-2022-010
generic_textual	HIGH	https://www.drupal.org/sa-core-2022-010
ssvc	Track	https://www.drupal.org/sa-core-2022-010

Reference id	Reference type	URL
		https://api.first.org/data/v1/epss?cve=CVE-2022-29248
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44854
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44855
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44856
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28201
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28202
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28203
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31042
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31043
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31090
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34911
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34912
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767
		https://github.com/guzzle/guzzle
		https://github.com/guzzle/guzzle/commit/74a8602c6faec9ef74b7a9391ac82c5e65b1cdab
		https://github.com/guzzle/guzzle/pull/3018
		https://github.com/guzzle/guzzle/security/advisories/GHSA-cwmx-hcrq-mhc3
		https://www.debian.org/security/2022/dsa-5246
		https://www.drupal.org/sa-core-2022-010
1011636		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011636
AVG-2823		https://security.archlinux.org/AVG-2823
cpe:2.3:a:drupal:drupal::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal::::::::
cpe:2.3:a:guzzlephp:guzzle::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:guzzlephp:guzzle::::::::
cpe:2.3:o:debian:debian_linux:11.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:11.0:::::::*
CVE-2022-29248		https://nvd.nist.gov/vuln/detail/CVE-2022-29248
CVE-2022-29248.YAML		https://github.com/FriendsOfPHP/security-advisories/blob/master/guzzlehttp/guzzle/CVE-2022-29248.yaml
GHSA-cwmx-hcrq-mhc3		https://github.com/advisories/GHSA-cwmx-hcrq-mhc3

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N Found at https://github.com/guzzle/guzzle

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N Found at https://github.com/guzzle/guzzle/commit/74a8602c6faec9ef74b7a9391ac82c5e65b1cdab

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N Found at https://github.com/guzzle/guzzle/commit/74a8602c6faec9ef74b7a9391ac82c5e65b1cdab

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:52:51Z/ Found at https://github.com/guzzle/guzzle/commit/74a8602c6faec9ef74b7a9391ac82c5e65b1cdab

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N Found at https://github.com/guzzle/guzzle/pull/3018

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N Found at https://github.com/guzzle/guzzle/pull/3018

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:52:51Z/ Found at https://github.com/guzzle/guzzle/pull/3018

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N Found at https://github.com/guzzle/guzzle/security/advisories/GHSA-cwmx-hcrq-mhc3

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N Found at https://github.com/guzzle/guzzle/security/advisories/GHSA-cwmx-hcrq-mhc3

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:52:51Z/ Found at https://github.com/guzzle/guzzle/security/advisories/GHSA-cwmx-hcrq-mhc3

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2022-29248

Exploitability (E)	Access Vector (AV)	Access Complexity (AC)	Authentication (Au)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
high functional unproven proof_of_concept not_defined	local adjacent_network network	high medium low	multiple single none	none partial complete	none partial complete	none partial complete

Exploitability (E)

Access Vector (AV)

Access Complexity (AC)

Authentication (Au)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

partial

complete

none

partial

complete

none

partial

complete

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2022-29248

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2022-29248

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N Found at https://www.debian.org/security/2022/dsa-5246

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N Found at https://www.debian.org/security/2022/dsa-5246

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:52:51Z/ Found at https://www.debian.org/security/2022/dsa-5246

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N Found at https://www.drupal.org/sa-core-2022-010

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N Found at https://www.drupal.org/sa-core-2022-010

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:52:51Z/ Found at https://www.drupal.org/sa-core-2022-010

Exploit Prediction Scoring System (EPSS)

Percentile	0.70842
EPSS Score	0.00334
Published At	Dec. 17, 2024, midnight

Date	Actor	Action	Source	VulnerableCode Version
There are no relevant records.