ByteOS Network

stevespringett

Source -

CNA

BOS Name -

N/A

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

2Vulnerabilities found

CVE-2022-23554

Assigner-GitHub, Inc.

View Details

Assigner-GitHub, Inc.

CVSS Score-6.5||MEDIUM

EPSS-0.07% / 22.15%

7 Day CHG~0.00%

Published-28 Dec, 2022 | 18:12

Updated-10 Apr, 2025 | 20:25

Authentication bypass in Alpine

Alpine is a scaffolding library in Java. Alpine prior to version 1.10.4 allows Authentication Filter bypass. The AuthenticationFilter relies on the request URI to evaluate if the user is accessing the swagger endpoint. By accessing a URL with a path such as /api/foo;%2fapi%2fswagger the contains condition will hold and will return from the authentication filter without aborting the request. Note that the principal object will not be assigned and therefore the issue wont allow user impersonation. This issue has been fixed in version 1.10.4. There are no known workarounds.

Vendor-alpine_project stevespringett

Product-alpine alpine

CWE ID-CWE-287

Improper Authentication

CWE ID-CWE-697

Incorrect Comparison

CVE-2022-23553

Assigner-GitHub, Inc.

View Details

Assigner-GitHub, Inc.

CVSS Score-7.5||HIGH

EPSS-0.10% / 28.69%

7 Day CHG~0.00%

Published-28 Dec, 2022 | 18:01

Updated-10 Apr, 2025 | 20:29

URL access filters bypass in Alpine

Alpine is a scaffolding library in Java. Alpine prior to version 1.10.4 allows URL access filter bypass. This issue has been fixed in version 1.10.4. There are no known workarounds.

Vendor-alpine_project stevespringett

Product-alpine alpine

CWE ID-CWE-863

Incorrect Authorization