What is CVE-2022-31162?

CVE-2022-31162 is a high-severity vulnerability in Abdolence Slack-morphism-rust, classified under CWE-1258. CVSS score: 7.5/10. Published 2022-07-21.

How severe is CVE-2022-31162?

High severity. CVSS v3 base score is 7.5 out of 10.

Is CVE-2022-31162 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Information disclosure in Abdolence Slack-morphism-rust

CVE-2022-31162

Slack Morphism is an async client library for Rust. Prior to 0.41.0, it was possible for Slack OAuth client information to leak in application debug logs. Stricter and more secure debug formatting was introduced in v0.41.0 for OAuth secret…

EPSS: 0.004 (60.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.

Affected products

Abdolence Slack-morphism-rust — versions < 0.41.0

Weakness classification (CWE)

Public proof-of-concept exploits

ref3t/Attack2VUL

References

github.com/abdolence/slack-morphism-rust/security/advisories/GHSA-99j7-mhfh-w84p (x_refsource_CONFIRM)
github.com/abdolence/slack-morphism-rust/releases/tag/v0.41.0 (x_refsource_MISC)

Frequently asked questions

What is CVE-2022-31162?: CVE-2022-31162 is a high-severity vulnerability in Abdolence Slack-morphism-rust, classified under CWE-1258. CVSS score: 7.5/10. Published 2022-07-21.
How severe is CVE-2022-31162?: High severity. CVSS v3 base score is 7.5 out of 10.
Is CVE-2022-31162 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.