PT-2022-15186 · Unknown · Hypr Server
Published: 2022-07-19 · Updated: 2022-07-27 · CVE-2022-2192
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
HYPR Server versions 6.10 through 6.15.1
Description
The issue allows remote attackers with a valid one-time recovery token to elevate privileges via path tampering in the Magic Link page.
Recommendations
For HYPR Server versions 6.10 through 6.15.1, consider restricting access to the Magic Link page until a patch is available. As a temporary workaround, disabling the path tampering functionality in the Magic Link page may help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Affected Products
Hypr Server