Home > Vulnerability Database > CVE-2022-39230

Mend.io Vulnerability Database

CVE-2022-39230

Good to know:

Date: September 23, 2022

fhir-works-on-aws-authz-smart is an implementation of the authorization interface from the FHIR Works interface. Versions 3.1.1 and 3.1.2 are subject to Exposure of Sensitive Information to an Unauthorized Actor. This issue allows a client of the API to retrieve more information than the client’s OAuth scope permits when making “search-type” requests. This issue would not allow a client to retrieve information about individuals other than those the client was already authorized to access. Users of fhir-works-on-aws-authz-smart 3.1.1 or 3.1.2 should upgrade to version 3.1.3 or higher immediately. Versions 3.1.0 and below are unaffected. There is no workaround for this issue.

Language: TYPE_SCRIPT

Severity Score

6.5

Related Resources (5)

Url: https://github.com/awslabs/fhir-works-on-aws-authz-smart/commit/203bbc0dd17de748c36b33c68b866ed2dfd613d3

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-39230

Url: https://github.com/awslabs/fhir-works-on-aws-authz-smart/security/advisories/GHSA-vv7x-7w4m-q72f

Url: https://github.com/awslabs/fhir-works-on-aws-authz-smart

Url: https://www.mend.io/vulnerability-database/CVE-2022-39230

Severity Score

6.5

Weakness Type (CWE)

Information Leak / Disclosure

CWE-200

Improper Preservation of Permissions

CWE-281

Top Fix

Upgrade Version

Upgrade to version fhir-works-on-aws-authz-smart - 3.1.3

Learn More

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2022-39230

Good to know:

Date: September 23, 2022

Language: TYPE_SCRIPT

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?