Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2022-23627
Analyzed
More InfoOfficial Page
Source-security-advisories@github.com
View Known Exploited Vulnerability (KEV) details
Published At-08 Feb, 2022 | 23:15
Updated At-16 Feb, 2022 | 17:23

ArchiSteamFarm (ASF) is a C# application with primary purpose of idling Steam cards from multiple accounts simultaneously. Due to a bug in ASF code, introduced in version V5.2.2.2, the program didn't adequately verify effective access of the user sending proxy (i.e. `[Bots]`) commands. In particular, a proxy-like command sent to bot `A` targeting bot `B` has incorrectly verified user's access against bot `A` - instead of bot `B`, to which the command was originally designated. This in result allowed access to resources beyond those configured, being a security threat affecting confidentiality of other bot instances. A successful attack exploiting this bug requires a significant access granted explicitly by original owner of the ASF process prior to that, as attacker has to control at least a single bot in the process to make use of this inadequate access verification loophole. The issue is patched in ASF V5.2.2.5, V5.2.3.2 and future versions. Users are advised to update as soon as possible.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.16.8MEDIUM
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
Secondary3.15.0MEDIUM
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:L/A:N
Primary2.04.0MEDIUM
AV:N/AC:L/Au:S/C:P/I:N/A:N
Type: Primary
Version: 3.1
Base score: 6.8
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
Type: Secondary
Version: 3.1
Base score: 5.0
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:L/A:N
Type: Primary
Version: 2.0
Base score: 4.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:S/C:P/I:N/A:N
CPE Matches
archisteamfarm_project
archisteamfarm_project
>>archisteamfarm>>Versions from 5.2.2.2(inclusive) to 5.2.2.5(exclusive)
cpe:2.3:a:archisteamfarm_project:archisteamfarm:*:*:*:*:*:*:*:*
archisteamfarm_project
archisteamfarm_project
>>archisteamfarm>>Versions from 5.2.3.0(inclusive) to 5.2.3.2(exclusive)
cpe:2.3:a:archisteamfarm_project:archisteamfarm:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-863Primarynvd@nist.gov
CWE-863Secondarysecurity-advisories@github.com
CWE ID: CWE-863
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-863
Type: Secondary
Source: security-advisories@github.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/JustArchiNET/ArchiSteamFarm/commit/7a29d9282bdc3280db2a379c24f73916d786f9b4security-advisories@github.com
Patch
Third Party Advisory
https://github.com/JustArchiNET/ArchiSteamFarm/commit/f807bdb660e75dee5a34994f2ea70970ca6d0492security-advisories@github.com
Patch
Third Party Advisory
https://github.com/JustArchiNET/ArchiSteamFarm/pull/2501security-advisories@github.com
Patch
Third Party Advisory
https://github.com/JustArchiNET/ArchiSteamFarm/pull/2509security-advisories@github.com
Patch
Third Party Advisory
https://github.com/JustArchiNET/ArchiSteamFarm/releases/tag/5.2.2.5security-advisories@github.com
Release Notes
Third Party Advisory
https://github.com/JustArchiNET/ArchiSteamFarm/releases/tag/5.2.3.2security-advisories@github.com
Release Notes
Third Party Advisory
https://github.com/JustArchiNET/ArchiSteamFarm/security/advisories/GHSA-88ch-366c-5m89security-advisories@github.com
Third Party Advisory
Hyperlink: https://github.com/JustArchiNET/ArchiSteamFarm/commit/7a29d9282bdc3280db2a379c24f73916d786f9b4
Source: security-advisories@github.com
Resource:
Patch
Third Party Advisory
Hyperlink: https://github.com/JustArchiNET/ArchiSteamFarm/commit/f807bdb660e75dee5a34994f2ea70970ca6d0492
Source: security-advisories@github.com
Resource:
Patch
Third Party Advisory
Hyperlink: https://github.com/JustArchiNET/ArchiSteamFarm/pull/2501
Source: security-advisories@github.com
Resource:
Patch
Third Party Advisory
Hyperlink: https://github.com/JustArchiNET/ArchiSteamFarm/pull/2509
Source: security-advisories@github.com
Resource:
Patch
Third Party Advisory
Hyperlink: https://github.com/JustArchiNET/ArchiSteamFarm/releases/tag/5.2.2.5
Source: security-advisories@github.com
Resource:
Release Notes
Third Party Advisory
Hyperlink: https://github.com/JustArchiNET/ArchiSteamFarm/releases/tag/5.2.3.2
Source: security-advisories@github.com
Resource:
Release Notes
Third Party Advisory
Hyperlink: https://github.com/JustArchiNET/ArchiSteamFarm/security/advisories/GHSA-88ch-366c-5m89
Source: security-advisories@github.com
Resource:
Third Party Advisory
Change History
0Changes found
Details not found