CVE-2023-22451 (GCVE-0-2023-22451)
Vulnerability from cvelistv5 – Published: 2023-01-02 15:56 – Updated: 2025-03-10 21:33
VLAI
EPSS
VEX
Title
Weak password requirements in Kiwi TCMS
Summary
Kiwi TCMS is an open source test management system. In version 11.6 and prior, when users register new accounts and/or change passwords, there is no validation in place which would prevent them from picking an easy to guess password. This issue is resolved by providing defaults for the `AUTH_PASSWORD_VALIDATORS` configuration setting. As of version 11.7, the password can’t be too similar to other personal information, must contain at least 10 characters, can’t be a commonly used password, and can’t be entirely numeric. As a workaround, an administrator may reset all passwords in Kiwi TCMS if they think a weak password may have been chosen.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-521 - Weak Password Requirements
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/kiwitcms/Kiwi/security/advisor… | x_refsource_CONFIRM |
| https://github.com/kiwitcms/Kiwi/commit/3759fb68a… | x_refsource_MISC |
| https://huntr.dev/bounties/32a873c8-f605-4aae-927… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:13:48.362Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/kiwitcms/Kiwi/security/advisories/GHSA-496x-2jqf-hp7g",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/kiwitcms/Kiwi/security/advisories/GHSA-496x-2jqf-hp7g"
},
{
"name": "https://github.com/kiwitcms/Kiwi/commit/3759fb68aed36315cdde9fc573b2fe7c11544985",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/kiwitcms/Kiwi/commit/3759fb68aed36315cdde9fc573b2fe7c11544985"
},
{
"name": "https://huntr.dev/bounties/32a873c8-f605-4aae-9272-d80985ef2b73",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://huntr.dev/bounties/32a873c8-f605-4aae-9272-d80985ef2b73"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22451",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-10T21:00:51.929649Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-10T21:33:43.162Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Kiwi",
"vendor": "kiwitcms",
"versions": [
{
"status": "affected",
"version": "\u003c= 11.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Kiwi TCMS is an open source test management system. In version 11.6 and prior, when users register new accounts and/or change passwords, there is no validation in place which would prevent them from picking an easy to guess password. This issue is resolved by providing defaults for the `AUTH_PASSWORD_VALIDATORS` configuration setting. As of version 11.7, the password can\u2019t be too similar to other personal information, must contain at least 10 characters, can\u2019t be a commonly used password, and can\u2019t be entirely numeric. As a workaround, an administrator may reset all passwords in Kiwi TCMS if they think a weak password may have been chosen. "
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-521",
"description": "CWE-521: Weak Password Requirements",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-02T15:56:43.003Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/kiwitcms/Kiwi/security/advisories/GHSA-496x-2jqf-hp7g",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/kiwitcms/Kiwi/security/advisories/GHSA-496x-2jqf-hp7g"
},
{
"name": "https://github.com/kiwitcms/Kiwi/commit/3759fb68aed36315cdde9fc573b2fe7c11544985",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kiwitcms/Kiwi/commit/3759fb68aed36315cdde9fc573b2fe7c11544985"
},
{
"name": "https://huntr.dev/bounties/32a873c8-f605-4aae-9272-d80985ef2b73",
"tags": [
"x_refsource_MISC"
],
"url": "https://huntr.dev/bounties/32a873c8-f605-4aae-9272-d80985ef2b73"
}
],
"source": {
"advisory": "GHSA-496x-2jqf-hp7g",
"discovery": "UNKNOWN"
},
"title": "Weak password requirements in Kiwi TCMS"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-22451",
"datePublished": "2023-01-02T15:56:43.003Z",
"dateReserved": "2022-12-29T03:00:40.877Z",
"dateUpdated": "2025-03-10T21:33:43.162Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2023-22451",
"date": "2026-07-16",
"epss": "0.00681",
"percentile": "0.48305"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:kiwitcms:kiwi_tcms:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"11.7\", \"matchCriteriaId\": \"9D4D9099-B528-4D0B-81ED-F66A74604B2F\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Kiwi TCMS is an open source test management system. In version 11.6 and prior, when users register new accounts and/or change passwords, there is no validation in place which would prevent them from picking an easy to guess password. This issue is resolved by providing defaults for the `AUTH_PASSWORD_VALIDATORS` configuration setting. As of version 11.7, the password can\\u2019t be too similar to other personal information, must contain at least 10 characters, can\\u2019t be a commonly used password, and can\\u2019t be entirely numeric. As a workaround, an administrator may reset all passwords in Kiwi TCMS if they think a weak password may have been chosen. \"}, {\"lang\": \"es\", \"value\": \"Kiwi TCMS es un sistema de gesti\\u00f3n de pruebas de c\\u00f3digo abierto. En la versi\\u00f3n 11.6 y anteriores, cuando los usuarios registran nuevas cuentas y/o cambian contrase\\u00f1as, no existe ninguna validaci\\u00f3n que les impida elegir una contrase\\u00f1a f\\u00e1cil de adivinar. Este problema se resuelve proporcionando valores predeterminados para la configuraci\\u00f3n `AUTH_PASSWORD_VALIDATORS`. A partir de la versi\\u00f3n 11.7, la contrase\\u00f1a no puede ser muy similar a otra informaci\\u00f3n personal, debe contener al menos 10 caracteres, no puede ser una contrase\\u00f1a de uso com\\u00fan y no puede ser completamente num\\u00e9rica. Como workaround, un administrador puede restablecer todas las contrase\\u00f1as en Kiwi TCMS si cree que se puede haber elegido una contrase\\u00f1a d\\u00e9bil.\"}]",
"id": "CVE-2023-22451",
"lastModified": "2024-11-21T07:44:49.820",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 3.6}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}]}",
"published": "2023-01-02T16:15:11.063",
"references": "[{\"url\": \"https://github.com/kiwitcms/Kiwi/commit/3759fb68aed36315cdde9fc573b2fe7c11544985\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/kiwitcms/Kiwi/security/advisories/GHSA-496x-2jqf-hp7g\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Mitigation\", \"Third Party Advisory\"]}, {\"url\": \"https://huntr.dev/bounties/32a873c8-f605-4aae-9272-d80985ef2b73\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/kiwitcms/Kiwi/commit/3759fb68aed36315cdde9fc573b2fe7c11544985\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/kiwitcms/Kiwi/security/advisories/GHSA-496x-2jqf-hp7g\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mitigation\", \"Third Party Advisory\"]}, {\"url\": \"https://huntr.dev/bounties/32a873c8-f605-4aae-9272-d80985ef2b73\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}]",
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-521\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-521\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2023-22451\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2023-01-02T16:15:11.063\",\"lastModified\":\"2026-06-17T05:35:28.713\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Kiwi TCMS is an open source test management system. In version 11.6 and prior, when users register new accounts and/or change passwords, there is no validation in place which would prevent them from picking an easy to guess password. This issue is resolved by providing defaults for the `AUTH_PASSWORD_VALIDATORS` configuration setting. As of version 11.7, the password can\u2019t be too similar to other personal information, must contain at least 10 characters, can\u2019t be a commonly used password, and can\u2019t be entirely numeric. As a workaround, an administrator may reset all passwords in Kiwi TCMS if they think a weak password may have been chosen. \"},{\"lang\":\"es\",\"value\":\"Kiwi TCMS es un sistema de gesti\u00f3n de pruebas de c\u00f3digo abierto. En la versi\u00f3n 11.6 y anteriores, cuando los usuarios registran nuevas cuentas y/o cambian contrase\u00f1as, no existe ninguna validaci\u00f3n que les impida elegir una contrase\u00f1a f\u00e1cil de adivinar. Este problema se resuelve proporcionando valores predeterminados para la configuraci\u00f3n `AUTH_PASSWORD_VALIDATORS`. A partir de la versi\u00f3n 11.7, la contrase\u00f1a no puede ser muy similar a otra informaci\u00f3n personal, debe contener al menos 10 caracteres, no puede ser una contrase\u00f1a de uso com\u00fan y no puede ser completamente num\u00e9rica. Como workaround, un administrador puede restablecer todas las contrase\u00f1as en Kiwi TCMS si cree que se puede haber elegido una contrase\u00f1a d\u00e9bil.\"}],\"affected\":[{\"source\":\"security-advisories@github.com\",\"affectedData\":[{\"vendor\":\"kiwitcms\",\"product\":\"Kiwi\",\"versions\":[{\"version\":\"\u003c= 11.6\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2025-03-10T21:00:51.929649Z\",\"id\":\"CVE-2023-22451\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"no\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-521\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-521\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:kiwitcms:kiwi_tcms:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"11.7\",\"matchCriteriaId\":\"9D4D9099-B528-4D0B-81ED-F66A74604B2F\"}]}]}],\"references\":[{\"url\":\"https://github.com/kiwitcms/Kiwi/commit/3759fb68aed36315cdde9fc573b2fe7c11544985\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/kiwitcms/Kiwi/security/advisories/GHSA-496x-2jqf-hp7g\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Mitigation\",\"Third Party Advisory\"]},{\"url\":\"https://huntr.dev/bounties/32a873c8-f605-4aae-9272-d80985ef2b73\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/kiwitcms/Kiwi/commit/3759fb68aed36315cdde9fc573b2fe7c11544985\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/kiwitcms/Kiwi/security/advisories/GHSA-496x-2jqf-hp7g\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Third Party Advisory\"]},{\"url\":\"https://huntr.dev/bounties/32a873c8-f605-4aae-9272-d80985ef2b73\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]}]}}",
"redhat_vex": {
"current_release_date": "2025-05-28T23:12:02+00:00",
"cve": "CVE-2023-22451",
"id": "CVE-2023-22451",
"initial_release_date": "2023-01-01T00:00:00+00:00",
"product_status:known_not_affected": "1",
"source": "Red Hat CSAF VEX",
"status": "final",
"title": "Weak password requirements in Kiwi TCMS",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-22451.json",
"version": "3"
},
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/kiwitcms/Kiwi/security/advisories/GHSA-496x-2jqf-hp7g\", \"name\": \"https://github.com/kiwitcms/Kiwi/security/advisories/GHSA-496x-2jqf-hp7g\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://github.com/kiwitcms/Kiwi/commit/3759fb68aed36315cdde9fc573b2fe7c11544985\", \"name\": \"https://github.com/kiwitcms/Kiwi/commit/3759fb68aed36315cdde9fc573b2fe7c11544985\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://huntr.dev/bounties/32a873c8-f605-4aae-9272-d80985ef2b73\", \"name\": \"https://huntr.dev/bounties/32a873c8-f605-4aae-9272-d80985ef2b73\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T10:13:48.362Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-22451\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-03-10T21:00:51.929649Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-03-10T21:00:54.100Z\"}}], \"cna\": {\"title\": \"Weak password requirements in Kiwi TCMS\", \"source\": {\"advisory\": \"GHSA-496x-2jqf-hp7g\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"kiwitcms\", \"product\": \"Kiwi\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c= 11.6\"}]}], \"references\": [{\"url\": \"https://github.com/kiwitcms/Kiwi/security/advisories/GHSA-496x-2jqf-hp7g\", \"name\": \"https://github.com/kiwitcms/Kiwi/security/advisories/GHSA-496x-2jqf-hp7g\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/kiwitcms/Kiwi/commit/3759fb68aed36315cdde9fc573b2fe7c11544985\", \"name\": \"https://github.com/kiwitcms/Kiwi/commit/3759fb68aed36315cdde9fc573b2fe7c11544985\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://huntr.dev/bounties/32a873c8-f605-4aae-9272-d80985ef2b73\", \"name\": \"https://huntr.dev/bounties/32a873c8-f605-4aae-9272-d80985ef2b73\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Kiwi TCMS is an open source test management system. In version 11.6 and prior, when users register new accounts and/or change passwords, there is no validation in place which would prevent them from picking an easy to guess password. This issue is resolved by providing defaults for the `AUTH_PASSWORD_VALIDATORS` configuration setting. As of version 11.7, the password can\\u2019t be too similar to other personal information, must contain at least 10 characters, can\\u2019t be a commonly used password, and can\\u2019t be entirely numeric. As a workaround, an administrator may reset all passwords in Kiwi TCMS if they think a weak password may have been chosen. \"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-521\", \"description\": \"CWE-521: Weak Password Requirements\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2023-01-02T15:56:43.003Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2023-22451\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-03-10T21:33:43.162Z\", \"dateReserved\": \"2022-12-29T03:00:40.877Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2023-01-02T15:56:43.003Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…