PT-2022-7091 · Pi-Hole · Pi-Hole
Sopwnd · Published 2022-12-22 · Updated 2025-04-11 · CVE-2022-23513
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Pi-Hole (affected versions not specified)
Description
The issue is related to a lack of validation in the code on a root server path: /admin/scripts/pi-hole/phpqueryads.php. This allows a potential threat actor to perform an unauthorized query for blocked domains on the queryads endpoint, potentially leading to the disclosure of victims' personal blacklists. The vulnerability is associated with inadequate access control in the Pi-hole AdminLTE dashboard.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Improper Access Control
Weakness Enumeration
Related Identifiers
Affected Products
Pi-Hole