ByteOS Network

CVE Vulnerability Details :

CVE-2022-4860

PUBLISHED

More Info Official Page

Assigner-VulDB

Assigner Org ID-1af790b2-7ee1-4545-860a-a788eba489b5

Published At-30 Dec, 2022 | 11:49

Updated At-03 Aug, 2024 | 01:55

▼CVE Numbering Authority (CNA)

KBase Metrics methods_upload_user_stats.py upload_user_data sql injection

A vulnerability was found in KBase Metrics. It has been classified as critical. This affects the function upload_user_data of the file source/daily_cron_jobs/methods_upload_user_stats.py. The manipulation leads to sql injection. The patch is named 959dfb6b05991e30b0fa972a1ecdcaae8e1dae6d. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217059.

Affected Products

Vendor

KBase

Product

Metrics

Versions

Affected

Problem Types

Type	CWE ID	Description
CWE	CWE-89	CWE-89 SQL Injection

Metrics

Version	Base score	Base severity	Vector
3.1	5.5	MEDIUM	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
3.0	5.5	MEDIUM	CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
2.0	5.2	N/A	AV:A/AC:L/Au:S/C:P/I:P/A:P

Credits

tool

VulDB GitHub Commit Analyzer

Timeline

Event	Date
Advisory disclosed	2022-12-30 00:00:00
CVE reserved	2022-12-30 00:00:00
VulDB entry created	2022-12-30 01:00:00
VulDB entry last update	2023-01-26 09:30:33

References

Hyperlink	Resource
https://vuldb.com/?id.217059	vdb-entry technical-description
https://vuldb.com/?ctiid.217059	signature permissions-required
https://github.com/kbase/metrics/pull/77	issue-tracking
https://github.com/kbase/metrics/commit/959dfb6b05991e30b0fa972a1ecdcaae8e1dae6d	patch

▼Authorized Data Publishers (ADP)

CVE Program Container

References

Hyperlink	Resource
https://vuldb.com/?id.217059	vdb-entry technical-description x_transferred
https://vuldb.com/?ctiid.217059	signature permissions-required x_transferred
https://github.com/kbase/metrics/pull/77	issue-tracking x_transferred
https://github.com/kbase/metrics/commit/959dfb6b05991e30b0fa972a1ecdcaae8e1dae6d	patch x_transferred

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References