PT-2022-24826 · Unknown · Fhir-Works-On-Aws-Authz-Smart
Published: 2022-09-21 · Updated: 2022-09-26 · CVE-2022-39230
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
fhir-works-on-aws-authz-smart versions 3.1.1 through 3.1.2
Description
The issue allows a client of the API to retrieve more information than the client's OAuth scope permits when making "search-type" requests. However, this issue would not allow a client to retrieve information about individuals other than those the client was already authorized to access.
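The scope-enforcement gap described above, as an added illustrative example (not code from fhir-works-on-aws-authz-smart and not a description of its internals): a post-filter over a FHIR searchset Bundle that drops every entry whose resource type the client's SMART scopes do not grant read access to, so a search cannot return more resource types than the token permits. The scope grammar, the Bundle shape and the sample data are assumptions constructed for this example; the advisory itself does not say how the library evaluates scopes.

```typescript
// Added example: enforcing SMART-on-FHIR resource scopes on "search-type" results.
// Illustrative code only; not the fhir-works-on-aws-authz-smart implementation.

type Operation = "read" | "write";

interface SmartScope {
  context: "patient" | "user" | "system";
  resourceType: string; // "*" means any resource type
  operations: Set<Operation>;
}

// Assumed scope grammar: <context>/<ResourceType|*>.<read|write|*>
const SCOPE_RE = /^(patient|user|system)\/([A-Za-z]+|\*)\.(read|write|\*)$/;

function parseSmartScopes(scopeString: string): SmartScope[] {
  const scopes: SmartScope[] = [];
  for (const token of scopeString.split(/\s+/).filter(Boolean)) {
    const m = SCOPE_RE.exec(token);
    if (!m) continue; // non-resource scopes such as "openid" or "launch/patient" grant no data access
    const ops =
      m[3] === "*" ? new Set<Operation>(["read", "write"]) : new Set<Operation>([m[3] as Operation]);
    scopes.push({ context: m[1] as SmartScope["context"], resourceType: m[2], operations: ops });
  }
  return scopes;
}

function isResourceTypeAllowed(scopes: SmartScope[], resourceType: string, op: Operation): boolean {
  return scopes.some(
    (s) => (s.resourceType === "*" || s.resourceType === resourceType) && s.operations.has(op),
  );
}

interface FhirResource { resourceType: string; id: string; [key: string]: unknown }
interface BundleEntry { resource: FhirResource; search?: { mode: "match" | "include" } }
interface SearchBundle { resourceType: "Bundle"; type: "searchset"; total?: number; entry: BundleEntry[] }

// Keep only entries (matches and _include/_revinclude additions alike) whose type is readable
// under the granted scopes; Bundle.total is recomputed from the surviving "match" entries.
function filterSearchBundle(bundle: SearchBundle, scopeString: string): SearchBundle {
  const scopes = parseSmartScopes(scopeString);
  const entry = bundle.entry.filter((e) => isResourceTypeAllowed(scopes, e.resource.resourceType, "read"));
  const total = entry.filter((e) => e.search?.mode !== "include").length;
  return { ...bundle, entry, total };
}

// Constructed sample searchset: two matches plus one resource pulled in via _include.
const SAMPLE_BUNDLE: SearchBundle = {
  resourceType: "Bundle",
  type: "searchset",
  total: 2,
  entry: [
    { resource: { resourceType: "Observation", id: "obs-1" }, search: { mode: "match" } },
    { resource: { resourceType: "Condition", id: "cond-1" }, search: { mode: "match" } },
    { resource: { resourceType: "Patient", id: "pat-1" }, search: { mode: "include" } },
  ],
};

// Convenience wrapper returning the surviving resource types for a given scope string.
function allowedTypesFor(scopeString: string): string[] {
  return filterSearchBundle(SAMPLE_BUNDLE, scopeString).entry.map((e) => e.resource.resourceType);
}

console.log(allowedTypesFor("openid patient/Observation.read")); // ["Observation"]
console.log(allowedTypesFor("patient/*.read")); // ["Observation", "Condition", "Patient"]
```

The point of the filter is that scope enforcement happens on the response, not only on the request URL: a search for one resource type can legitimately return others through `_include`/`_revinclude`, so checking the requested type alone is not enough. This check is about resource types; restricting which patients' records are visible is a separate compartment check that the advisory says was not affected.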
Recommendations
For fhir-works-on-aws-authz-smart versions 3.1.1 and 3.1.2, upgrade to version 3.1.3 or higher immediately.
There is no workaround for this issue, so upgrading to the latest version is the recommended course of action.
Improper Preservation of Permissions
Information Disclosure
Affected Products
Fhir-Works-On-Aws-Authz-Smart