CVE-2022-25570 — MEDIUM (6.5)

Vulnerability Description

In Click Studios (SA) Pty Ltd Passwordstate 9435, users with access to a passwordlist can gain access to additional password lists without permissions. Specifically, an authenticated user who has write permissions to a password list in one folder (with the default permission model) can extend his permissions to all other password lists in the same folder.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Clickstudios	Passwordstate	9.4

Related Weaknesses (CWE)

CWE-276

References

https://sysadms.de/2022/03/cve-2022-25570-standard-berechtigungsmodell-im-passwoExploitThird Party Advisory
https://www.clickstudios.com.au/passwordstate-changelog.aspxRelease Notes
https://sysadms.de/2022/03/cve-2022-25570-standard-berechtigungsmodell-im-passwoExploitThird Party Advisory
https://www.clickstudios.com.au/passwordstate-changelog.aspxRelease Notes

FAQ

What is CVE-2022-25570?

CVE-2022-25570 is a vulnerability with a CVSS score of 6.5 (MEDIUM). In Click Studios (SA) Pty Ltd Passwordstate 9435, users with access to a passwordlist can gain access to additional password lists without permissions. Specifically, an authenticated user who has writ...

How severe is CVE-2022-25570?

CVE-2022-25570 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-25570?

Check the references section above for vendor advisories and patch information. Affected products include: Clickstudios Passwordstate.