CVE-2022-25570

MEDIUM Year: 2022
CVSS v3 Score
6.5
Medium
CVSS v2 Score
4.0
Medium
Weakness Type
CWE-276
View all →

Vulnerability Description

In Click Studios (SA) Pty Ltd Passwordstate 9435, users with access to a passwordlist can gain access to additional password lists without permissions. Specifically, an authenticated user who has write permissions to a password list in one folder (with the default permission model) can extend his permissions to all other password lists in the same folder.

Related Vulnerabilities

CVE-2017-0369

MEDIUM
CVSS:6.5(Medium)

Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw, allowing a sysops to undelete pages, although the page is protected against it.

CWE-2762017

CVE-2017-1000084

MEDIUM
CVSS:6.5(Medium)

Parameterized Trigger Plugin fails to check Item/Build permission: The Parameterized Trigger Plugin did not check the build authentication it was running as and allowed triggering any other project in...

CWE-2762017

CVE-2018-13286

MEDIUM
CVSS:6.5(Medium)

Incorrect default permissions vulnerability in synouser.conf in Synology Diskstation Manager (DSM) before 6.2-23739-1 allows remote authenticated users to obtain sensitive information via the world re...

CWE-2762018

CVE-2018-13287

MEDIUM
CVSS:6.5(Medium)

Incorrect default permissions vulnerability in synouser.conf in Synology Router Manager (SRM) before 1.1.7-6941-1 allows remote authenticated users to obtain sensitive information via the world readab...

CWE-2762018

CVE-2019-10463

MEDIUM
CVSS:6.5(Medium)

A missing permission check in Jenkins Dynatrace Application Monitoring Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials...

CWE-2762019

CVE-2019-10469

MEDIUM
CVSS:6.5(Medium)

A missing permission check in Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credenti...

CWE-2762019