{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-04T14:12:24.041","vulnerabilities":[{"cve":{"id":"CVE-2022-24798","sourceIdentifier":"security-advisories@github.com","published":"2022-03-31T23:15:08.307","lastModified":"2024-11-21T06:51:07.260","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Internet Routing Registry daemon version 4 is an IRR database server, processing IRR objects in the RPSL format. IRRd did not always filter password hashes in query responses relating to `mntner` objects and database exports. This may have allowed adversaries to retrieve some of these hashes, perform a brute-force search for the clear-text passphrase, and use these to make unauthorised changes to affected IRR objects. This issue only affected instances that process password hashes, which means it is limited to IRRd instances that serve authoritative databases. IRRd instances operating solely as mirrors of other IRR databases are not affected. This has been fixed in IRRd 4.2.3 and the main branch. Versions in the 4.1.x series never were affected. Users of the 4.2.x series are strongly recommended to upgrade. There are no known workarounds for this issue."},{"lang":"es","value":"El demonio Internet Routing Registry versión 4 es un servidor de base de datos IRR, que procesa objetos IRR en el formato RPSL. IRRd no siempre filtraba los hashes de las contraseñas en las respuestas de las consultas relacionadas con los objetos \"mntner\" y las exportaciones de la base de datos. Esto podía permitir a adversarios recuperar algunos de estos hashes, llevar a cabo una búsqueda por fuerza bruta de la frase de contraseña en texto sin cifrar y usarlos para realizar cambios no autorizados en los objetos IRR afectados. Este problema sólo afectó a las instancias que procesan hashes de contraseñas, lo que significa que se limita a las instancias de IRRd que sirven a bases de datos autorizadas. Las instancias de IRRd que funcionan únicamente como réplicas de otras bases de datos de IRR no están afectadas. Esto ha sido corregido en IRRd versión 4.2.3 y en la rama principal. Las versiones de la serie 4.1.x nunca fueron afectadas. Es recomendado encarecidamente a usuarios de la serie 4.2.x actualizar. no se presentan medidas de mitigación conocidas para este problema"}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-212"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-212"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:internet_routing_registry_daemon_project:internet_routing_registry_daemon:*:*:*:*:*:*:*:*","versionStartIncluding":"4.2.0","versionEndExcluding":"4.2.3","matchCriteriaId":"C0DC5A79-EC7A-4CD8-92D7-EE997B70B7DB"}]}]}],"references":[{"url":"https://github.com/irrdnet/irrd/commit/0e41bae8d3d27316381a2fc7b466597230e35ec6","source":"security-advisories@github.com","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/irrdnet/irrd/commit/fdffaf8dd71713f06e99dff417e6aa1e6fa84b70","source":"security-advisories@github.com","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/irrdnet/irrd/security/advisories/GHSA-cqxx-66wh-8pjw","source":"security-advisories@github.com","tags":["Release Notes","Third Party Advisory"]},{"url":"https://github.com/irrdnet/irrd/commit/0e41bae8d3d27316381a2fc7b466597230e35ec6","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/irrdnet/irrd/commit/fdffaf8dd71713f06e99dff417e6aa1e6fa84b70","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/irrdnet/irrd/security/advisories/GHSA-cqxx-66wh-8pjw","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Third Party Advisory"]}]}}]}