How severe is CVE-2022-31007?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.2 out of 10.

What type of vulnerability is CVE-2022-31007?

This is classified as CWE-842, which is a common weakness in software security.

CVE-2022-31007

HIGH Year: 2022

CVSS v3 Score

7.2

High

CVSS v2 Score

6.5

Medium

Weakness Type

CWE-842

View all →

Vulnerability Description

eLabFTW is an electronic lab notebook manager for research teams. Prior to version 4.3.0, a vulnerability allows an authenticated user with an administrator role in a team to assign itself system administrator privileges within the application, or create a new system administrator account. The issue has been corrected in eLabFTW version 4.3.0. In the context of eLabFTW, an administrator is a user account with certain privileges to manage users and content in their assigned team/teams. A system administrator account can manage all accounts, teams and edit system-wide settings within the application. The impact is not deemed as high, as it requires the attacker to have access to an administrator account. Regular user accounts cannot exploit this to gain admin rights. A workaround for one if the issues is removing the ability of administrators to create accounts.

CVE-2022-2989

HIGH

CVSS:7.1(High)

An incorrect handling of the supplementary groups in the Podman container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to th...

CWE-8422022

CVE-2022-2990

HIGH

CVSS:7.1(High)

An incorrect handling of the supplementary groups in the Buildah container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to t...

CWE-8422022

CVE-2022-3650

HIGH

CVSS:7.8(High)

A privilege escalation flaw was found in Ceph. Ceph-crash.service allows a local attacker to escalate privileges to root in the form of a crash dump, and dump privileged information.

CWE-8422022

CVE-2023-25575

MEDIUM

CVSS:6.5(Medium)

API Platform Core is the server component of API Platform: hypermedia and GraphQL APIs. Resource properties secured with the `security` option of the `ApiPlatform\Metadata\ApiProperty` attribute can b...

CWE-8422023

CVE-2022-45097

HIGH

CVSS:8.8(High)

Dell PowerScale OneFS 9.0.0.x-9.4.0.x contains an Incorrect User Management vulnerability. A low privileged network attacker could potentially exploit this vulnerability, leading to escalation of priv...

CWE-8422022

CVE-2022-45097

HIGH

CVSS:8.8(High)

CWE-8422022

CVE-2022-31007

Vulnerability Description

Related Vulnerabilities

CVE-2022-2989

CVE-2022-2990

CVE-2022-3650

CVE-2023-25575

CVE-2022-45097

CVE-2022-45097