CVE-2022-2821

moderate-risk
Published 2022-08-15

Missing Critical Step in Authentication in GitHub repository namelessmc/nameless prior to v2.0.2.

Do I need to act?

-
0.29% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10 High
NETWORK / LOW complexity

Affected Products (1)

Nameless

Affected Vendors

Namelessmc

References (4)

Patch https://github.com/namelessmc/nameless/commit/98fe4b7fce5509e49e71f1357118db887b...
Exploit https://huntr.dev/bounties/c216db15-fe2f-42a7-852a-6c47498cf069
Patch https://github.com/namelessmc/nameless/commit/98fe4b7fce5509e49e71f1357118db887b...
Exploit https://huntr.dev/bounties/c216db15-fe2f-42a7-852a-6c47498cf069
32
/ 100
moderate-risk
Severity 26/34 · High
Exploitability 1/34 · Minimal
Exposure 5/34 · Minimal