How severe is CVE-2022-39275?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.3 out of 10.

What type of vulnerability is CVE-2022-39275?

This is classified as CWE-863, which is a common weakness in software security.

CVE-2022-39275 - MEDIUM Severity | CVSS 4.3

Vulnerability Description

Saleor is a headless, GraphQL commerce platform. In affected versions some GraphQL mutations were not properly checking the ID type input which allowed to access database objects that the authenticated user may not be allowed to access. This vulnerability can be used to expose the following information: Estimating database row counts from tables with a sequential primary key or Exposing staff user and customer email addresses and full name through the `assignNavigation()` mutation. This issue has been patched in main and backported to multiple releases (3.7.17, 3.6.18, 3.5.23, 3.4.24, 3.3.26, 3.2.14, 3.1.24). Users are advised to upgrade. There are no known workarounds for this issue.

Related Vulnerabilities

CVE-2012-3821

MEDIUM

CVSS:4.3(Medium)

A Security Bypass vulnerability exists in the activate.asp page in Arial Software Campaign Enterprise 11.0.551, which could let a remote malicious user modify the SerialNumber field.

CWE-8632012

CVE-2013-4228

MEDIUM

CVSS:4.3(Medium)

The OG access fields (visibility fields) implementation in Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal does not properly restrict access to private groups, which allows remote authent...

CWE-8632013

CVE-2013-4411

MEDIUM

CVSS:4.3(Medium)

Review Board: URL processing gives unauthorized users access to review lists

CWE-8632013

CVE-2016-4178

MEDIUM

CVSS:4.3(Medium)

Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to bypass intended access restrictions and obtain sen...

CWE-8632016

CVE-2017-17323

MEDIUM

CVSS:4.3(Medium)

Huawei iBMC V200R002C10; V200R002C20; V200R002C30 have an improper authorization vulnerability. The software incorrectly performs an authorization check when a normal user attempts to access certain i...

CWE-8632017

CVE-2017-1766

MEDIUM

CVSS:4.3(Medium)

Due to incorrect authorization in IBM Business Process Manager 8.6 an attacker can claim and work on ad hoc tasks he is not assigned to. IBM X-Force ID: 136151.

CWE-8632017