CVE-2022-1774 - Medium Severity Vulnerability
Vulnerable Library - csetv10.3.0.0
Cybersecurity Evaluation Tool
Library home page: https://github.com/cisagov/cset.git
Found in base branch: master
Vulnerable Source Files (1)
/CSETWebApi/CSETWeb_Api/CSETWeb_Api/Diagram/src/main/java/com/mxgraph/online/ProxyServlet.java
Vulnerability Details
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository jgraph/drawio prior to 18.0.7.
Publish Date: 2022-05-18
URL: CVE-2022-1774
CVSS 3 Score Details (6.1)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
- Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None
For more information on CVSS3 Scores, click here.
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1774
Release Date: 2022-05-18
Fix Resolution: v18.0.7
CVE-2022-1774 - Medium Severity Vulnerability
Cybersecurity Evaluation Tool
Library home page: https://github.com/cisagov/cset.git
Found in base branch: master
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository jgraph/drawio prior to 18.0.7.
Publish Date: 2022-05-18
URL: CVE-2022-1774
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
- Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None
For more information on CVSS3 Scores, click here.Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1774
Release Date: 2022-05-18
Fix Resolution: v18.0.7