How severe is CVE-2022-30699?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2022-30699?

This is classified as CWE-613, which is a common weakness in software security.

CVE-2022-30699 - MEDIUM Severity | CVSS 6.5

Vulnerability Description

NLnet Labs Unbound, up to and including version 1.16.1, is vulnerable to a novel type of the "ghost domain names" attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a rogue domain name when the cached delegation information is about to expire. The rogue nameserver delays the response so that the cached delegation information is expired. Upon receiving the delayed answer containing the delegation information, Unbound overwrites the now expired entries. This action can be repeated when the delegation information is about to expire making the rogue delegation information ever-updating. From version 1.16.2 on, Unbound stores the start time for a query and uses that to decide if the cached delegation information can be overwritten.

Related Vulnerabilities

CVE-2017-1000131

MEDIUM

CVSS:6.5(Medium)

Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to users staying logged in to their Mahara account even when they have been logged out of Moodle (when usin...

CWE-6132017

CVE-2017-1000135

MEDIUM

CVSS:6.5(Medium)

Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable as logged-in users can stay logged in after the institution they belong to is suspended.

CWE-6132017

CVE-2017-1000136

MEDIUM

CVSS:6.5(Medium)

Mahara 1.8 before 1.8.6 and 1.9 before 1.9.4 and 1.10 before 1.10.1 and 15.04 before 15.04.0 are vulnerable to old sessions not being invalidated after a password change.

CWE-6132017

CVE-2018-1000814

MEDIUM

CVSS:6.5(Medium)

aio-libs aiohttp-session version 2.6.0 and earlier contains a Other/Unknown vulnerability in EncryptedCookieStorage and NaClCookieStorage that can result in Non-expiring sessions / Infinite lifespan. ...

CWE-6132018

CVE-2018-7758

MEDIUM

CVSS:6.5(Medium)

A denial of service vulnerability exists in Schneider Electric's MiCOM Px4x (P540 range excluded) with legacy Ethernet board, MiCOM P540D Range with Legacy Ethernet Board, and MiCOM Px4x Rejuvenated c...

CWE-6132018

CVE-2019-16133

MEDIUM

CVSS:6.5(Medium)

An issue was discovered in eteams OA v4.0.34. Because the session is not strictly checked, the account names and passwords of all employees in the company can be obtained by an ordinary account. Speci...

CWE-6132019