CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-47924 – Arbitrary Code Execution using the validate function of csaf-validator-lib
https://notcve.org/view.php?id=CVE-2022-47924
27 Mar 2023 — An high privileged attacker may pass crafted arguments to the validate function of csaf-validator-lib of a locally installed Secvisogram in versions < 0.1.0 wich can result in arbitrary code execution and DoS once the users triggers the validation. • https://wid.cert-bund.de/.well-known/csaf/white/2022/bsi-2022-0004.json • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-47925 – Insufficient Input Validation in the Endpoint of the csaf-validator-service
https://notcve.org/view.php?id=CVE-2022-47925
27 Mar 2023 — The validate JSON endpoint of the Secvisogram csaf-validator-service in versions < 0.1.0 processes tests with unexpected names. This insufficient input validation of requests by an unauthenticated remote user might lead to a partial DoS of the service. Only the request of the attacker is affected by this vulnerability. • https://wid.cert-bund.de/.well-known/csaf/white/2022/bsi-2022-0004.json • CWE-20: Improper Input Validation •