CVE-2022-1996 Report - Details, Severity, & Advisories

Twingate Team

May 9, 2024

CVE-2022-1996 is a critical security vulnerability that affects the GitHub repository emicklei/go-restful prior to version 3.8.0. This vulnerability allows for an authorization bypass through a user-controlled key, posing a significant risk to affected systems. The severity of this vulnerability is rated as 9.1 by NIST and 9.3 by huntr.dev. Systems running Fedora 35 and 36 with the package "golang-github-emicklei-restful" version prior to 3.8.0-1.fc35 and 3.8.0-1.fc36, respectively, could also be affected.

How do I know if I'm affected?

If you're using the emicklei/go-restful GitHub repository or the golang-github-emicklei-restful package on Fedora 35 or 36, you might be affected by the CVE-2022-1996 vulnerability. To know if you're affected, check if you're using a version of emicklei/go-restful prior to 3.8.0 or the Fedora package version prior to 3.8.0-1.fc35 and 3.8.0-1.fc36. This vulnerability is related to the CORS Filter feature and the AllowedDomains parameter. If you're using these features in the affected versions, you could be at risk.
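One way to automate this check, as an added example (not code from Twingate or the go-restful project): it reads a `go.mod` for a go-restful requirement below 3.8.0, the threshold this page gives, and looks for `AllowedDomains` on the CORS filter in source text. The names `CheckGoMod`, `UsesAllowedDomains` and `Finding` are hypothetical, and the sample inputs are constructed.

```go
package main

import (
	"fmt"
	"regexp"
	"strconv"
	"strings"
)

// Constructed sample inputs (not taken from any real project).
const sampleGoMod = "module example.com/svc\n\ngo 1.18\n\nrequire (\n" +
	"\tgithub.com/emicklei/go-restful/v3 v3.7.4\n\tgithub.com/google/uuid v1.3.0\n)\n"
const sampleSrc = `cors := restful.CrossOriginResourceSharing{AllowedDomains: []string{"example.com"}}`

// reqRe matches a go.mod requirement for go-restful, with or without a /vN suffix.
var reqRe = regexp.MustCompile(
	`(?m)^\s*(?:require\s+)?(github\.com/emicklei/go-restful(?:/v\d+)?)\s+v(\d+)\.(\d+)\.(\d+)`)

// Finding is one go-restful requirement found in a go.mod file.
type Finding struct {
	Module, Version string
	Affected        bool // true when Version is below 3.8.0, the fixed release the page names
}

// CheckGoMod returns a Finding for every go-restful requirement in the go.mod text.
func CheckGoMod(gomod string) []Finding {
	var out []Finding
	for _, m := range reqRe.FindAllStringSubmatch(gomod, -1) {
		major, _ := strconv.Atoi(m[2]) // the regexp guarantees these are digits
		minor, _ := strconv.Atoi(m[3])
		affected := major < 3 || (major == 3 && minor < 8)
		out = append(out, Finding{m[1], "v" + m[2] + "." + m[3] + "." + m[4], affected})
	}
	return out
}

// UsesAllowedDomains reports whether Go source configures the CORS filter's AllowedDomains.
func UsesAllowedDomains(src string) bool {
	return strings.Contains(src, "CrossOriginResourceSharing") &&
		strings.Contains(src, "AllowedDomains")
}

func main() {
	for _, f := range CheckGoMod(sampleGoMod) {
		fmt.Printf("%s %s affected=%v cors-allowed-domains=%v\n",
			f.Module, f.Version, f.Affected, UsesAllowedDomains(sampleSrc))
	}
}
```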

What should I do if I'm affected?

If you're affected by the CVE-2022-1996 vulnerability, update your emicklei/go-restful dependency to version 3.8.0 or later. Fedora 35 and 36 users should update the golang-github-emicklei-restful package to version 3.8.0-1.fc35 and 3.8.0-1.fc36, respectively, using the "dnf" update program. This will help mitigate the vulnerability and secure your system.

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

As of now, CVE-2022-1996 is not listed in CISA's Known Exploited Vulnerabilities Catalog. This vulnerability, known as "Authorization Bypass Through User-Controlled Key," affects the emicklei/go-restful repository prior to version 3.8.0. To address this issue, users should update their repository or Fedora package to the appropriate version, as mentioned in previous sections.

Weakness enumeration

This vulnerability is categorized as CWE-639, an authorization bypass issue that can be exploited through a user-controlled key. Updating the affected software mitigates this vulnerability.

For more details

For a comprehensive understanding of this vulnerability, including its description, severity, technical details, and known affected software configurations, refer to the NVD page or the resources listed below.
