Vulnerability Details CVE-2022-25570
In Click Studios (SA) Pty Ltd Passwordstate 9435, users with access to a passwordlist can gain access to additional password lists without permissions. Specifically, an authenticated user who has write permissions to a password list in one folder (with the default permission model) can extend his permissions to all other password lists in the same folder.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 43.1%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.0
References
- https://sysadms.de/2022/03/cve-2022-25570-standard-berechtigungsmodell-im-passwortmanager-passwordstate-ermoeglicht-rechteausweitung/
- https://www.clickstudios.com.au/passwordstate-changelog.aspx
- https://sysadms.de/2022/03/cve-2022-25570-standard-berechtigungsmodell-im-passwortmanager-passwordstate-ermoeglicht-rechteausweitung/
- https://www.clickstudios.com.au/passwordstate-changelog.aspx
Products affected by CVE-2022-25570
-
cpe:2.3:a:clickstudios:passwordstate:9.4