CVE-2022-39304
Published at:
-
21-07-2022 02:00
Last modified:
-
21-07-2022 02:00
Total changes:
-
2
Description
Common Vulnerability Scoring System (CVSS)
High
Attack complexity
Local
Attack vector
Low
Availability
High
Confidentiality
None
Integrity
Low
Privileges required
Unchanged
Scope
Required
User interaction
5.0
Base score
Exploitability score
Impact score
Verification logic
Reference
- https://bugzilla.redhat.com/show_bug.cgi?id=2155942
- https://github.com/bradleyfalzon/ghinstallation/security/advisories/GHSA-h4q8-96p6-jcgr https://github.com/bradleyfalzon/ghinstallation/commit/d24f14f8be70d94129d76026e8b0f4f9170c8c3e https://docs.github.com/en/developers/apps/building-github-apps/authenticating-with-github-apps#authenticating-as-an-installation https://github.com/bradleyfalzon/ghinstallation/blob/24e56b3fb7669f209134a01eff731d7e2ef72a5c/transport.go#L172-L174
Keywords