Details of VAR-202212-0925

ID

VAR-202212-0925

CVE

CVE-2022-46829

TITLE

JetBrains of jetbrains gateway Authentication vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-023135

DESCRIPTION

In JetBrains JetBrains Gateway before 2022.3 a client could connect without a valid token if the host consented. JetBrains of jetbrains gateway There is an authentication vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2022-46829 // JVNDB: JVNDB-2022-023135 // VULHUB: VHN-447378

AFFECTED PRODUCTS

vendor:	jetbrains	model:	gateway	scope:	lt	version:	2022.3	Trust: 1.0
vendor:	jetbrains	model:	gateway	scope:	eq	version:	2022.3	Trust: 0.8
vendor:	jetbrains	model:	gateway	scope:	eq	version:	-	Trust: 0.8
vendor:	jetbrains	model:	gateway	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-023135 // NVD: CVE-2022-46829

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-46829
value:	HIGH
Trust: 1.0
cve@jetbrains.com:	CVE-2022-46829
value:	HIGH
Trust: 1.0
NVD:	CVE-2022-46829
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202212-2739
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2022-46829
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
cve@jetbrains.com:	CVE-2022-46829
baseSeverity:	HIGH
baseScore:	7.1
vectorString:	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.2
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2022-46829
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-023135 // CNNVD: CNNVD-202212-2739 // NVD: CVE-2022-46829 // NVD: CVE-2022-46829

PROBLEMTYPE DATA

problemtype:	CWE-287	Trust: 1.1
problemtype:	Inappropriate authentication (CWE-287) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-447378 // JVNDB: JVNDB-2022-023135 // NVD: CVE-2022-46829

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202212-2739

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202212-2739

PATCH

title:

JetBrains Gateway Remediation measures for authorization problem vulnerabilities

url:

http://123.124.177.30/web/xxk/bdxqById.tag?id=217169

Trust: 0.6

sources: CNNVD: CNNVD-202212-2739

EXTERNAL IDS

db:	NVD	id:	CVE-2022-46829	Trust: 3.3
db:	JVNDB	id:	JVNDB-2022-023135	Trust: 0.8
db:	CNNVD	id:	CNNVD-202212-2739	Trust: 0.6
db:	VULHUB	id:	VHN-447378	Trust: 0.1

sources: VULHUB: VHN-447378 // JVNDB: JVNDB-2022-023135 // CNNVD: CNNVD-202212-2739 // NVD: CVE-2022-46829

REFERENCES

url:	https://www.jetbrains.com/privacy-security/issues-fixed/	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2022-46829	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-46829/	Trust: 0.6

sources: VULHUB: VHN-447378 // JVNDB: JVNDB-2022-023135 // CNNVD: CNNVD-202212-2739 // NVD: CVE-2022-46829

SOURCES

db:	VULHUB	id:	VHN-447378
db:	JVNDB	id:	JVNDB-2022-023135
db:	CNNVD	id:	CNNVD-202212-2739
db:	NVD	id:	CVE-2022-46829

LAST UPDATE DATE

2024-08-14T15:32:23.267000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-447378	date:	2022-12-12T00:00:00
db:	JVNDB	id:	JVNDB-2022-023135	date:	2023-11-27T07:57:00
db:	CNNVD	id:	CNNVD-202212-2739	date:	2022-12-13T00:00:00
db:	NVD	id:	CVE-2022-46829	date:	2022-12-12T16:36:12.833

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-447378	date:	2022-12-08T00:00:00
db:	JVNDB	id:	JVNDB-2022-023135	date:	2023-11-27T00:00:00
db:	CNNVD	id:	CNNVD-202212-2739	date:	2022-12-08T00:00:00
db:	NVD	id:	CVE-2022-46829	date:	2022-12-08T18:15:10.243