VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-vhry-3hqm-bbaz

Essentials
Severities (12)
References (6)
Severity details (11)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-vhry-3hqm-bbaz
Aliases	CVE-2022-0580 GHSA-33wf-4crm-2322
Summary	Improper Access Control in librenms
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (4)

CWE-284	Improper Access Control
CWE-863	Incorrect Authorization
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
epss	2e-05	https://api.first.org/data/v1/epss?cve=CVE-2022-0580
cvssv3.1_qr	HIGH	https://github.com/advisories/GHSA-33wf-4crm-2322
cvssv3.1	7.1	https://github.com/librenms/librenms
generic_textual	HIGH	https://github.com/librenms/librenms
cvssv3.1	7.1	https://github.com/librenms/librenms/commit/95970af78e4c899744a715766d744deef8c505f7
generic_textual	HIGH	https://github.com/librenms/librenms/commit/95970af78e4c899744a715766d744deef8c505f7
cvssv3.1	7.1	https://huntr.dev/bounties/2494106c-7703-4558-bb1f-1eae59d264e3
generic_textual	HIGH	https://huntr.dev/bounties/2494106c-7703-4558-bb1f-1eae59d264e3
cvssv3.1	7.1	https://notes.netbytesec.com/2022/02/multiple-vulnerabilities-in-librenms.html
generic_textual	HIGH	https://notes.netbytesec.com/2022/02/multiple-vulnerabilities-in-librenms.html
cvssv3.1	7.1	https://nvd.nist.gov/vuln/detail/CVE-2022-0580
generic_textual	HIGH	https://nvd.nist.gov/vuln/detail/CVE-2022-0580

Reference id	Reference type	URL
		https://api.first.org/data/v1/epss?cve=CVE-2022-0580
		https://github.com/librenms/librenms/commit/95970af78e4c899744a715766d744deef8c505f7
		https://huntr.dev/bounties/2494106c-7703-4558-bb1f-1eae59d264e3
		https://notes.netbytesec.com/2022/02/multiple-vulnerabilities-in-librenms.html
CVE-2022-0580		https://nvd.nist.gov/vuln/detail/CVE-2022-0580
GHSA-33wf-4crm-2322		https://github.com/advisories/GHSA-33wf-4crm-2322

No exploits are available.

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N Found at https://github.com/librenms/librenms

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N Found at https://github.com/librenms/librenms/commit/95970af78e4c899744a715766d744deef8c505f7

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N Found at https://huntr.dev/bounties/2494106c-7703-4558-bb1f-1eae59d264e3

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N Found at https://notes.netbytesec.com/2022/02/multiple-vulnerabilities-in-librenms.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2022-0580

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.00032
EPSS Score	2e-05
Published At	June 12, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-06-11T20:28:17.924402+00:00	GHSA Importer	Import	https://github.com/advisories/GHSA-33wf-4crm-2322	38.6.0