CVE Vulnerabilities

CVE-2022-3065

Published: Sep 02, 2022 | Modified: Sep 08, 2022

CVSS 3.x

7.5

HIGH

Source:

NVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS 2.x

RedHat/V2

RedHat/V3

Ubuntu

Additional information

NVD	https://nvd.nist.gov/vuln/detail/CVE-2022-3065
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html

Improper Access Control in GitHub repository jgraph/drawio prior to 20.2.8.

Affected Software

Name	Vendor	Start Version	End Version
Drawio	Diagrams	*	20.2.8 (excluding)

References

https://github.com/jgraph/drawio/commit/59887e45b36f06c8dd4919a32bacd994d9f084da
https://huntr.dev/bounties/5f3bc4b6-1d53-46b7-a23d-70f5faaf0c76

Aqua Container Security

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.