Vulnerability details: VCID-u37h-3621-aaaj
Vulnerability ID VCID-u37h-3621-aaaj
Aliases CVE-2022-46146
GHSA-7rg2-cxvp-9p7p
Summary Prometheus Exporter Toolkit is a utility package to build exporters. Prior to versions 0.7.2 and 0.8.2, if someone has access to a Prometheus web.yml file and users' bcrypted passwords, they can bypass security by poisoning the built-in authentication cache. Versions 0.7.2 and 0.8.2 contain a fix for the issue. There is no workaround, but an attacker must have access to the hashed password to use this functionality.
Status Published
Exploitability 0.5
Weighted Severity 7.9
Risk 4.0
System Score Found at
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-46146.json
epss 0.00101 https://api.first.org/data/v1/epss?cve=CVE-2022-46146
epss 0.00127 https://api.first.org/data/v1/epss?cve=CVE-2022-46146
epss 0.00172 https://api.first.org/data/v1/epss?cve=CVE-2022-46146
epss 0.00359 https://api.first.org/data/v1/epss?cve=CVE-2022-46146
epss 0.01200 https://api.first.org/data/v1/epss?cve=CVE-2022-46146
epss 0.03081 https://api.first.org/data/v1/epss?cve=CVE-2022-46146
cvssv3.1 8.8 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 6.2 https://github.com/prometheus/exporter-toolkit
generic_textual MODERATE https://github.com/prometheus/exporter-toolkit
cvssv3.1 6.2 https://github.com/prometheus/exporter-toolkit/commit/25288779bc59d00c41b4a1706c6b87f0561ef2d7
generic_textual MODERATE https://github.com/prometheus/exporter-toolkit/commit/25288779bc59d00c41b4a1706c6b87f0561ef2d7
cvssv3.1 6.2 https://github.com/prometheus/exporter-toolkit/commit/5b1eab34484ddd353986bce736cd119d863e4ff5
generic_textual MODERATE https://github.com/prometheus/exporter-toolkit/commit/5b1eab34484ddd353986bce736cd119d863e4ff5
cvssv3.1 6.2 https://github.com/prometheus/exporter-toolkit/security/advisories/GHSA-7rg2-cxvp-9p7p
generic_textual MODERATE https://github.com/prometheus/exporter-toolkit/security/advisories/GHSA-7rg2-cxvp-9p7p
cvssv3.1 6.2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JRSHISR64L6QGSMDFZDNPHHIXSCAKK26
generic_textual MODERATE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JRSHISR64L6QGSMDFZDNPHHIXSCAKK26
cvssv3.1 6.2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UH24VXIB25OGHF4VGY4PLZMTGTI3BHCA
generic_textual MODERATE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UH24VXIB25OGHF4VGY4PLZMTGTI3BHCA
cvssv3.1 6.2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ULVDTAI76VATRAHTKCE2SUJ4NC3PQZ6Y
generic_textual MODERATE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ULVDTAI76VATRAHTKCE2SUJ4NC3PQZ6Y
cvssv3.1 6.2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JRSHISR64L6QGSMDFZDNPHHIXSCAKK26
generic_textual MODERATE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JRSHISR64L6QGSMDFZDNPHHIXSCAKK26
cvssv3.1 6.2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UH24VXIB25OGHF4VGY4PLZMTGTI3BHCA
generic_textual MODERATE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UH24VXIB25OGHF4VGY4PLZMTGTI3BHCA
cvssv3.1 6.2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULVDTAI76VATRAHTKCE2SUJ4NC3PQZ6Y
generic_textual MODERATE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULVDTAI76VATRAHTKCE2SUJ4NC3PQZ6Y
cvssv3 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-46146
cvssv3.1 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-46146
cvssv3.1 6.2 http://www.openwall.com/lists/oss-security/2022/11/29/1
generic_textual MODERATE http://www.openwall.com/lists/oss-security/2022/11/29/1
cvssv3.1 6.2 http://www.openwall.com/lists/oss-security/2022/11/29/2
generic_textual MODERATE http://www.openwall.com/lists/oss-security/2022/11/29/2
cvssv3.1 6.2 http://www.openwall.com/lists/oss-security/2022/11/29/4
generic_textual MODERATE http://www.openwall.com/lists/oss-security/2022/11/29/4
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-46146.json
https://api.first.org/data/v1/epss?cve=CVE-2022-46146
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46146
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/prometheus/exporter-toolkit
https://github.com/prometheus/exporter-toolkit/commit/25288779bc59d00c41b4a1706c6b87f0561ef2d7
https://github.com/prometheus/exporter-toolkit/commit/5b1eab34484ddd353986bce736cd119d863e4ff5
https://github.com/prometheus/exporter-toolkit/security/advisories/GHSA-7rg2-cxvp-9p7p
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JRSHISR64L6QGSMDFZDNPHHIXSCAKK26
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JRSHISR64L6QGSMDFZDNPHHIXSCAKK26/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UH24VXIB25OGHF4VGY4PLZMTGTI3BHCA
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UH24VXIB25OGHF4VGY4PLZMTGTI3BHCA/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ULVDTAI76VATRAHTKCE2SUJ4NC3PQZ6Y
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ULVDTAI76VATRAHTKCE2SUJ4NC3PQZ6Y/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JRSHISR64L6QGSMDFZDNPHHIXSCAKK26
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JRSHISR64L6QGSMDFZDNPHHIXSCAKK26/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UH24VXIB25OGHF4VGY4PLZMTGTI3BHCA
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UH24VXIB25OGHF4VGY4PLZMTGTI3BHCA/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULVDTAI76VATRAHTKCE2SUJ4NC3PQZ6Y
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULVDTAI76VATRAHTKCE2SUJ4NC3PQZ6Y/
http://www.openwall.com/lists/oss-security/2022/11/29/1
http://www.openwall.com/lists/oss-security/2022/11/29/2
http://www.openwall.com/lists/oss-security/2022/11/29/4
1025127 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1025127
2149436 https://bugzilla.redhat.com/show_bug.cgi?id=2149436
cpe:2.3:a:prometheus:exporter_toolkit:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:prometheus:exporter_toolkit:*:*:*:*:*:*:*:*
CVE-2022-46146 https://nvd.nist.gov/vuln/detail/CVE-2022-46146
GLSA-202401-15 https://security.gentoo.org/glsa/202401-15
RHSA-2023:1326 https://access.redhat.com/errata/RHSA-2023:1326
RHSA-2023:2110 https://access.redhat.com/errata/RHSA-2023:2110
RHSA-2023:5001 https://access.redhat.com/errata/RHSA-2023:5001
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-46146.json
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/prometheus/exporter-toolkit
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/prometheus/exporter-toolkit/commit/25288779bc59d00c41b4a1706c6b87f0561ef2d7
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/prometheus/exporter-toolkit/commit/5b1eab34484ddd353986bce736cd119d863e4ff5
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/prometheus/exporter-toolkit/security/advisories/GHSA-7rg2-cxvp-9p7p
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JRSHISR64L6QGSMDFZDNPHHIXSCAKK26
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UH24VXIB25OGHF4VGY4PLZMTGTI3BHCA
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ULVDTAI76VATRAHTKCE2SUJ4NC3PQZ6Y
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JRSHISR64L6QGSMDFZDNPHHIXSCAKK26
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UH24VXIB25OGHF4VGY4PLZMTGTI3BHCA
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULVDTAI76VATRAHTKCE2SUJ4NC3PQZ6Y
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-46146
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at http://www.openwall.com/lists/oss-security/2022/11/29/1
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at http://www.openwall.com/lists/oss-security/2022/11/29/2
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at http://www.openwall.com/lists/oss-security/2022/11/29/4
Exploit Prediction Scoring System (EPSS)
Percentile 0.25107
EPSS Score 0.00101
Published At March 28, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.