How severe is CVE-2022-46179?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.8 out of 10.

What type of vulnerability is CVE-2022-46179?

This is classified as CWE-639, which is a common weakness in software security.

CVE-2022-46179 - HIGH Severity | CVSS 7.8

Vulnerability Description

LiuOS is a small Python project meant to imitate the functions of a regular operating system. Version 0.1.0 and prior of LiuOS allow an attacker to set the GITHUB_ACTIONS environment variable to anything other than null or true and skip authentication checks. This issue is patched in the latest commit (c658b4f3e57258acf5f6207a90c2f2169698ae22) by requiring the var to be set to true, causing a test script to run instead of being able to login. A potential workaround is to check for the GITHUB_ACTIONS environment variable and set it to "" (no quotes) to null the variable and force credential checks.

Related Vulnerabilities

CVE-2023-21131

HIGH

CVSS:7.8(High)

In checkKeyIntentParceledCorrectly() of ActivityManagerService.java, there is a possible bypass of Parcel Mismatch mitigations due to a logic error in the code. This could lead to local escalation of ...

CWE-6392023

CVE-2024-1470

HIGH

CVSS:7.8(High)

Authorization Bypass Through User-Controlled Key vulnerability in NetIQ (OpenText) Client Login Extension on Windows allows Privilege Escalation, Code Injection.This issue only affects NetIQ Client Lo...

CWE-6392024

CVE-2019-9921

HIGH

CVSS:7.7(High)

An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. It is possible to read information that should only be accessible by a different user.

CWE-6392019

CVE-2020-8154

HIGH

CVSS:7.7(High)

An Insecure direct object reference vulnerability in Nextcloud Server 18.0.2 allowed an attacker to remote wipe devices of other users when sending a malicious request directly to the endpoint.

CWE-6392020

CVE-2023-3285

HIGH

CVSS:7.7(High)

A BOLA vulnerability in POST /appointments allows a low privileged user to create an appointment for any user in the system (including admin). This results in unauthorized data manipulation.

CWE-6392023

CVE-2024-8040

HIGH

CVSS:7.7(High)

An authorization bypass through user-controlled key vulnerability affecting 3DSwym in 3DSwymer on Release 3DEXPERIENCE R2024x allows an authenticated attacker to access some unauthorized data.

CWE-6392024