@keystone-6/core vulnerability (CVE-2022-39322) impacts field-level access control for `multiselect` fields, affecting versions 2.2.0 to 2.3.0. Learn about the impact, mitigation, and prevention steps.
A vulnerability in the @keystone-6/core package affects users' field-level access control, allowing a bypass for `multiselect` fields.
Understanding CVE-2022-39322
This vulnerability impacts Keystone 6 users running version 2.2.0 up to but not including version 2.3.1, whose field-level access control on `multiselect` fields can be bypassed.
What is CVE-2022-39322?
The vulnerability in @keystone-6/core allows malicious actors to bypass field-level access control for `multiselect` fields, affecting versions 2.2.0 to 2.3.0.
The Impact of CVE-2022-39322
Users relying on field-level access control for `multiselect` fields are at risk of unauthorized access due to the bypass, while list-level access control remains unaffected.
Technical Details of CVE-2022-39322
The vulnerability is classified under CWE-285: Improper Authorization, with a CVSS v3.1 base score of 9.1 (Critical).
Vulnerability Description
Starting from @keystone-6/core version 2.2.0 through 2.3.0, field-level access control for `multiselect` fields is bypassed, potentially leading to unauthorized access.
Affected Systems and Versions
Users of Keystone 6 with @keystone-6/core versions greater than or equal to 2.2.0 and less than 2.3.1 are affected by this vulnerability.
Exploitation Mechanism
Malicious actors can exploit this vulnerability to bypass field-level access control for `multiselect` fields, potentially gaining unauthorized access.
Mitigation and Prevention
Keystone 6 users are advised to take immediate steps to secure their systems against this vulnerability.
Immediate Steps to Take
Users should update @keystone-6/core to version 2.3.1, which contains a fix for the bypass. Alternatively, stopping the use of `multiselect` fields can serve as a workaround.
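To decide whether an upgrade is needed, the first check is which @keystone-6/core versions an application actually resolves, including copies nested under other dependencies. The following audit script is an added example, not code from the advisory or the Keystone project; it encodes the affected range stated above (>= 2.2.0 and < 2.3.1) and runs over a constructed npm lockfile (v2/v3 "packages" layout).

```javascript
// Added example (not from the advisory or the Keystone project): audit an npm
// lockfile for @keystone-6/core versions inside the affected range of
// CVE-2022-39322, i.e. >= 2.2.0 and < 2.3.1. The lockfile below is constructed.
const AFFECTED_MIN = [2, 2, 0]; // first affected release
const FIXED = [2, 3, 1];        // first release containing the fix

// Parse "MAJOR.MINOR.PATCH" (ignoring any prerelease/build suffix) into numbers.
function parseVersion(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(version.trim());
  if (!m) throw new Error(`unparseable version: ${version}`);
  return [Number(m[1]), Number(m[2]), Number(m[3])];
}

// Lexicographic compare of two [major, minor, patch] triples.
function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// True when the version falls in the half-open range [2.2.0, 2.3.1).
function isAffectedVersion(version) {
  const v = parseVersion(version);
  return compareVersions(v, AFFECTED_MIN) >= 0 && compareVersions(v, FIXED) < 0;
}

// Walk the lockfile "packages" map. The package can sit at the root of
// node_modules or be nested under another dependency, so match by path suffix.
function auditLockfile(lock) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (!path.endsWith('node_modules/@keystone-6/core')) continue;
    const affected = isAffectedVersion(meta.version);
    findings.push({ path, version: meta.version, affected });
  }
  return findings;
}

// Constructed sample lockfile: one vulnerable copy, one patched nested copy.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'my-app', version: '1.0.0' },
    'node_modules/@keystone-6/core': { version: '2.3.0' },
    'node_modules/some-plugin/node_modules/@keystone-6/core': { version: '2.3.1' },
  },
};

for (const f of auditLockfile(SAMPLE_LOCK)) {
  console.log(`${f.path}@${f.version}: ${f.affected ? 'AFFECTED, upgrade to >= 2.3.1' : 'ok'}`);
}
```

To run it against a real project, replace SAMPLE_LOCK with `JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))`.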
Long-Term Security Practices
Implement comprehensive access control measures and regularly update to the latest versions of software to prevent such vulnerabilities.
Patching and Updates
Regularly check for security advisories and apply patches promptly to maintain a secure system.