Vulnerability Description
mprweb is a hosting platform for the makedeb Package Repository. Email addresses were found to not have been hidden, even if a user had clicked the `Hide Email Address` checkbox on their account page, or during signup. This could lead to an account's email being leaked, which may be problematic if your email needs to remain private for any reason. Users hosting their own mprweb instance will need to upgrade to the latest commit to get this fixed. Users on the official instance will already have this issue fixed.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Makedp | Mprweb | <= 5.0.0 |
Related Weaknesses (CWE)
References
- https://github.com/makedeb/mprweb/commit/d13e3f2f5a9c0b0f6782f35d837090732026ad7PatchThird Party Advisory
- https://github.com/makedeb/mprweb/security/advisories/GHSA-jm39-h693-678gThird Party Advisory
- https://github.com/makedeb/mprweb/commit/d13e3f2f5a9c0b0f6782f35d837090732026ad7PatchThird Party Advisory
- https://github.com/makedeb/mprweb/security/advisories/GHSA-jm39-h693-678gThird Party Advisory
FAQ
What is CVE-2022-31185?
CVE-2022-31185 is a vulnerability with a CVSS score of 5.3 (MEDIUM). mprweb is a hosting platform for the makedeb Package Repository. Email addresses were found to not have been hidden, even if a user had clicked the `Hide Email Address` checkbox on their account page,...
How severe is CVE-2022-31185?
CVE-2022-31185 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-31185?
Check the references section above for vendor advisories and patch information. Affected products include: Makedp Mprweb.