CVE-2022-3869 - Vulnerability Details

Vendors	Products
Froxlor	Froxlor

Link	Providers
https://github.com/froxlor/froxlor/commit/3f10a4adede9df83408d60ded78b51b812a763a8
https://huntr.dev/bounties/7de20f21-4a9b-445d-ae2b-15ade648900b

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Show plain JSON

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-3869", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "dateUpdated": "2025-05-05T20:27:55.467Z", "dateReserved": "2022-11-05T00:00:00.000Z", "datePublished": "2022-11-05T00:00:00.000Z"}, "containers": {"cna": {"title": " Code Injection in froxlor/froxlor", "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev", "dateUpdated": "2022-11-05T00:00:00.000Z"}, "descriptions": [{"lang": "en", "value": "Code Injection in GitHub repository froxlor/froxlor prior to 0.10.38.2."}], "affected": [{"vendor": "froxlor", "product": "froxlor/froxlor", "versions": [{"version": "unspecified", "lessThan": "0.10.38.2", "status": "affected", "versionType": "custom"}]}], "references": [{"url": "https://huntr.dev/bounties/7de20f21-4a9b-445d-ae2b-15ade648900b"}, {"url": "https://github.com/froxlor/froxlor/commit/3f10a4adede9df83408d60ded78b51b812a763a8"}], "metrics": [{"cvssV3_0": {"version": "3.0", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-94 Improper Control of Generation of Code", "cweId": "CWE-94"}]}], "source": {"advisory": "7de20f21-4a9b-445d-ae2b-15ade648900b", "discovery": "EXTERNAL"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T01:20:58.628Z"}, "title": "CVE Program Container", "references": [{"url": "https://huntr.dev/bounties/7de20f21-4a9b-445d-ae2b-15ade648900b", "tags": ["x_transferred"]}, {"url": "https://github.com/froxlor/froxlor/commit/3f10a4adede9df83408d60ded78b51b812a763a8", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-05-05T20:27:39.650757Z", "id": "CVE-2022-3869", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-05T20:27:55.467Z"}}]}}

{

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

cveMetadata : { »

state : PUBLISHED (string)

cveId : CVE-2022-3869 (string)

assignerOrgId : c09c270a-b464-47c1-9133-acb35b22c19a (string)

assignerShortName : @huntrdev (string)

dateUpdated : 2025-05-05T20:27:55.467Z (string)

dateReserved : 2022-11-05T00:00:00.000Z (string)

datePublished : 2022-11-05T00:00:00.000Z (string)

}

containers : { »

cna : { »

title : Code Injection in froxlor/froxlor (string)

providerMetadata : { »

orgId : c09c270a-b464-47c1-9133-acb35b22c19a (string)

shortName : @huntrdev (string)

dateUpdated : 2022-11-05T00:00:00.000Z (string)

}

descriptions : [ »

0 : { »

lang : en (string)

value : Code Injection in GitHub repository froxlor/froxlor prior to 0.10.38.2. (string)

}

]

affected : [ »

0 : { »

vendor : froxlor (string)

product : froxlor/froxlor (string)

versions : [ »

0 : { »

version : unspecified (string)

lessThan : 0.10.38.2 (string)

status : affected (string)

versionType : custom (string)

}

]

}

]

references : [ »

0 : { »

url : https://huntr.dev/bounties/7de20f21-4a9b-445d-ae2b-15ade648900b (string)

}

1 : { »

url : https://github.com/froxlor/froxlor/commit/3f10a4adede9df83408d60ded78b51b812a763a8 (string)

}

]

metrics : [ »

0 : { »

cvssV3_0 : { »

version : 3.0 (string)

vectorString : CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N (string)

attackVector : NETWORK (string)

attackComplexity : LOW (string)

privilegesRequired : NONE (string)

userInteraction : NONE (string)

scope : UNCHANGED (string)

confidentialityImpact : LOW (string)

integrityImpact : LOW (string)

availabilityImpact : NONE (string)

baseScore : 6.5 (number)

baseSeverity : MEDIUM (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

type : CWE (string)

lang : en (string)

description : CWE-94 Improper Control of Generation of Code (string)

cweId : CWE-94 (string)

}

]

}

]

source : { »

advisory : 7de20f21-4a9b-445d-ae2b-15ade648900b (string)

discovery : EXTERNAL (string)

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-03T01:20:58.628Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

url : https://huntr.dev/bounties/7de20f21-4a9b-445d-ae2b-15ade648900b (string)

tags : [ »

0 : x_transferred (string)

]

}

1 : { »

url : https://github.com/froxlor/froxlor/commit/3f10a4adede9df83408d60ded78b51b812a763a8 (string)

tags : [ »

0 : x_transferred (string)

]

}

]

}

1 : { »

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

timestamp : 2025-05-05T20:27:39.650757Z (string)

id : CVE-2022-3869 (string)

options : [ »

0 : { »

Exploitation : poc (string)

}

1 : { »

Automatable : no (string)

}

2 : { »

Technical Impact : total (string)

}

]

role : CISA Coordinator (string)

version : 2.0.3 (string)

}

]

title : CISA ADP Vulnrichment (string)

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2025-05-05T20:27:55.467Z (string)

}

]

}

Show plain JSON

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://huntr.dev/bounties/7de20f21-4a9b-445d-ae2b-15ade648900b", "tags": ["x_transferred"]}, {"url": "https://github.com/froxlor/froxlor/commit/3f10a4adede9df83408d60ded78b51b812a763a8", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T01:20:58.628Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-3869", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-05-05T20:27:39.650757Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-05T20:27:49.430Z"}}], "cna": {"title": " Code Injection in froxlor/froxlor", "source": {"advisory": "7de20f21-4a9b-445d-ae2b-15ade648900b", "discovery": "EXTERNAL"}, "metrics": [{"cvssV3_0": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "froxlor", "product": "froxlor/froxlor", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "0.10.38.2", "versionType": "custom"}]}], "references": [{"url": "https://huntr.dev/bounties/7de20f21-4a9b-445d-ae2b-15ade648900b"}, {"url": "https://github.com/froxlor/froxlor/commit/3f10a4adede9df83408d60ded78b51b812a763a8"}], "descriptions": [{"lang": "en", "value": "Code Injection in GitHub repository froxlor/froxlor prior to 0.10.38.2."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-94", "description": "CWE-94 Improper Control of Generation of Code"}]}], "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev", "dateUpdated": "2022-11-05T00:00:00.000Z"}}}, "cveMetadata": {"cveId": "CVE-2022-3869", "state": "PUBLISHED", "dateUpdated": "2025-05-05T20:27:55.467Z", "dateReserved": "2022-11-05T00:00:00.000Z", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "datePublished": "2022-11-05T00:00:00.000Z", "assignerShortName": "@huntrdev"}, "dataVersion": "5.1"}

{

dataType : CVE_RECORD (string)

containers : { »

adp : [ »

0 : { »

title : CVE Program Container (string)

references : [ »

0 : { »

url : https://huntr.dev/bounties/7de20f21-4a9b-445d-ae2b-15ade648900b (string)

tags : [ »

0 : x_transferred (string)

]

}

1 : { »

url : https://github.com/froxlor/froxlor/commit/3f10a4adede9df83408d60ded78b51b812a763a8 (string)

tags : [ »

0 : x_transferred (string)

]

}

]

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-03T01:20:58.628Z (string)

}

1 : { »

title : CISA ADP Vulnrichment (string)

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

id : CVE-2022-3869 (string)

role : CISA Coordinator (string)

options : [ »

0 : { »

Exploitation : poc (string)

}

1 : { »

Automatable : no (string)

}

2 : { »

Technical Impact : total (string)

}

]

version : 2.0.3 (string)

timestamp : 2025-05-05T20:27:39.650757Z (string)

}

]

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2025-05-05T20:27:49.430Z (string)

}

]

cna : { »

title : Code Injection in froxlor/froxlor (string)

source : { »

advisory : 7de20f21-4a9b-445d-ae2b-15ade648900b (string)

discovery : EXTERNAL (string)

}

metrics : [ »

0 : { »

cvssV3_0 : { »

scope : UNCHANGED (string)

version : 3.0 (string)

baseScore : 6.5 (number)

attackVector : NETWORK (string)

baseSeverity : MEDIUM (string)

vectorString : CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N (string)

integrityImpact : LOW (string)

userInteraction : NONE (string)

attackComplexity : LOW (string)

availabilityImpact : NONE (string)

privilegesRequired : NONE (string)

confidentialityImpact : LOW (string)

}

]

affected : [ »

0 : { »

vendor : froxlor (string)

product : froxlor/froxlor (string)

versions : [ »

0 : { »

status : affected (string)

version : unspecified (string)

lessThan : 0.10.38.2 (string)

versionType : custom (string)

}

]

}

]

references : [ »

0 : { »

url : https://huntr.dev/bounties/7de20f21-4a9b-445d-ae2b-15ade648900b (string)

}

1 : { »

url : https://github.com/froxlor/froxlor/commit/3f10a4adede9df83408d60ded78b51b812a763a8 (string)

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : Code Injection in GitHub repository froxlor/froxlor prior to 0.10.38.2. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

lang : en (string)

type : CWE (string)

cweId : CWE-94 (string)

description : CWE-94 Improper Control of Generation of Code (string)

}

]

}

]

providerMetadata : { »

orgId : c09c270a-b464-47c1-9133-acb35b22c19a (string)

shortName : @huntrdev (string)

dateUpdated : 2022-11-05T00:00:00.000Z (string)

}

cveMetadata : { »

cveId : CVE-2022-3869 (string)

state : PUBLISHED (string)

dateUpdated : 2025-05-05T20:27:55.467Z (string)

dateReserved : 2022-11-05T00:00:00.000Z (string)

assignerOrgId : c09c270a-b464-47c1-9133-acb35b22c19a (string)

datePublished : 2022-11-05T00:00:00.000Z (string)

assignerShortName : @huntrdev (string)

}

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:froxlor:froxlor:*:*:*:*:*:*:*:*", "matchCriteriaId": "55150ADE-E8D1-405B-BE7D-265A2BFDDFAD", "versionEndExcluding": "0.10.38.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Code Injection in GitHub repository froxlor/froxlor prior to 0.10.38.2."}, {"lang": "es", "value": "Inyecci\u00f3n de C\u00f3digo en el repositorio de GitHub froxlor/froxlor anterior a 0.10.38.2."}], "id": "CVE-2022-3869", "lastModified": "2024-11-21T07:20:24.220", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "security@huntr.dev", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-11-05T14:15:09.580", "references": [{"source": "security@huntr.dev", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/froxlor/froxlor/commit/3f10a4adede9df83408d60ded78b51b812a763a8"}, {"source": "security@huntr.dev", "tags": ["Exploit", "Patch", "Third Party Advisory"], "url": "https://huntr.dev/bounties/7de20f21-4a9b-445d-ae2b-15ade648900b"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/froxlor/froxlor/commit/3f10a4adede9df83408d60ded78b51b812a763a8"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch", "Third Party Advisory"], "url": "https://huntr.dev/bounties/7de20f21-4a9b-445d-ae2b-15ade648900b"}], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "security@huntr.dev", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:froxlor:froxlor:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 55150ADE-E8D1-405B-BE7D-265A2BFDDFAD (string)

versionEndExcluding : 0.10.38.2 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : Code Injection in GitHub repository froxlor/froxlor prior to 0.10.38.2. (string)

}

1 : { »

lang : es (string)

value : Inyección de Código en el repositorio de GitHub froxlor/froxlor anterior a 0.10.38.2. (string)

}

]

id : CVE-2022-3869 (string)

lastModified : 2024-11-21T07:20:24.220 (string)

metrics : { »

cvssMetricV30 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : NONE (string)

baseScore : 6.5 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : LOW (string)

integrityImpact : LOW (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N (string)

version : 3.0 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 2.5 (number)

source : security@huntr.dev (string)

type : Secondary (string)

}

]

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : NONE (string)

baseScore : 6.1 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : LOW (string)

integrityImpact : LOW (string)

privilegesRequired : NONE (string)

scope : CHANGED (string)

userInteraction : REQUIRED (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N (string)

version : 3.1 (string)

}

exploitabilityScore : 2.8 (number)

impactScore : 2.7 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2022-11-05T14:15:09.580 (string)

references : [ »

0 : { »

source : security@huntr.dev (string)

tags : [ »

0 : Patch (string)

1 : Third Party Advisory (string)

]

url : https://github.com/froxlor/froxlor/commit/3f10a4adede9df83408d60ded78b51b812a763a8 (string)

}

1 : { »

source : security@huntr.dev (string)

tags : [ »

0 : Exploit (string)

1 : Patch (string)

2 : Third Party Advisory (string)

]

url : https://huntr.dev/bounties/7de20f21-4a9b-445d-ae2b-15ade648900b (string)

}

2 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

1 : Third Party Advisory (string)

]

url : https://github.com/froxlor/froxlor/commit/3f10a4adede9df83408d60ded78b51b812a763a8 (string)

}

3 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Exploit (string)

1 : Patch (string)

2 : Third Party Advisory (string)

]

url : https://huntr.dev/bounties/7de20f21-4a9b-445d-ae2b-15ade648900b (string)

}

]

sourceIdentifier : security@huntr.dev (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-94 (string)

}

]

source : security@huntr.dev (string)

type : Secondary (string)

}

1 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-79 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

Exploitation poc

Automatable no

Technical Impact total

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

Exploitation poc

Automatable no

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object