#VU66676 Input validation error in Mealie - CVE-2022-34621

 


Published: August 22, 2022


Vulnerability identifier: #VU66676
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2022-34621
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
Mealie
Software vendor:
hay-kot

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to an Insecure Direct Object Reference (IDOR) issue in the user_id parameter. A remote user can perform a brute-force attack and change the password, profile images and other settings of arbitrary users on the system.
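
The object-level authorization check that this class of IDOR lacks, shown beside the flawed pattern. This is an added example, not Mealie's code: the `User` model, the handler names and the in-memory `USERS` store are hypothetical, and "own record or admin" is an assumed policy.

```python
from dataclasses import dataclass, field


class Forbidden(Exception):
    """Raised when the caller may not modify the requested user."""


@dataclass
class User:
    id: int
    admin: bool = False
    settings: dict = field(default_factory=dict)


# Constructed sample data: sequential ids are what make guessing user_id cheap.
USERS = {1: User(1, admin=True), 2: User(2), 3: User(3)}


def update_user_vulnerable(caller: User, user_id: int, changes: dict) -> User:
    """The flawed pattern: any authenticated caller, any user_id."""
    target = USERS[user_id]
    target.settings.update(changes)
    return target


def authorize_user_write(caller: User, user_id: int) -> None:
    """Object-level check: own record only, unless the caller is an admin."""
    if caller.id != user_id and not caller.admin:
        raise Forbidden(f"user {caller.id} may not modify user {user_id}")


def update_user_hardened(caller: User, user_id: int, changes: dict) -> User:
    """Same update, but the client-supplied id is checked against the session."""
    authorize_user_write(caller, user_id)
    target = USERS[user_id]
    target.settings.update(changes)
    return target


def denied_ids(caller: User) -> list[int]:
    """Regression check: ids the hardened handler refuses for this caller."""
    refused = []
    for user_id in sorted(USERS):
        try:
            update_user_hardened(caller, user_id, {"theme": "dark"})
        except Forbidden:
            refused.append(user_id)
    return refused
```

The check compares the requested id with the authenticated identity on the server, so it holds even when ids are sequential or otherwise guessable.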


Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

External links