CVE Vulnerability

CVE-2022-31190

DSpace open source software is a repository application which provides durable access to digital resources. dspace-xmlui is a UI component for DSpace. In affected versions metadata on a withdrawn Item is exposed via the XMLUI "mets.xml" object, as long as you know the handle/URL of the withdrawn Item. This vulnerability only impacts the XMLUI. Users are advised to upgrade to version 6.4 or newer.

5.3 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://github.com/DSpace/DSpace/security/advisories/GHSA-7w85-pp86-p4pq Patch Third Party Advisory
https://github.com/DSpace/DSpace/pull/2451 Patch Third Party Advisory
https://github.com/DSpace/DSpace/commit/574e25496a40173653ae7d0a49a19ed8e3458606.patch Patch Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:duraspace:dspace:*:*:*:*:*:*:*:*
Information

Published : 2022-08-01 08:15

Updated : 2022-08-08 04:52

NVD link : CVE-2022-31190

Mitre link : CVE-2022-31190

Products Affected
No products.
CWE
CWE-200