What is CVE-2022-39230?

CVE-2022-39230 is a vulnerability in the fhir-works-on-aws-authz-smart software that allows a client of the API to retrieve more information than authorized.

What is the severity of CVE-2022-39230?

CVE-2022-39230 has a severity rating of 6.5 (medium).

How does CVE-2022-39230 affect fhir-works-on-aws-authz-smart?

CVE-2022-39230 affects versions 3.1.0 to 3.1.3 of fhir-works-on-aws-authz-smart, allowing unauthorized retrieval of sensitive information.

How can I fix CVE-2022-39230?

To fix CVE-2022-39230, update fhir-works-on-aws-authz-smart to version 3.1.3 or later.

Where can I find more information about CVE-2022-39230?

More information about CVE-2022-39230 can be found at the following reference: https://github.com/awslabs/fhir-works-on-aws-authz-smart/security/advisories/GHSA-vv7x-7w4m-q72f

Vulnerability/
CVE-2022-39230

medium

6.5

CWE

200

23/9/2022

3/8/2024

CVE-2022-39230: Security issue in fhir-works-on-aws-authz-smart

First published: Fri Sep 23 2022(Updated: )

fhir-works-on-aws-authz-smart is an implementation of the authorization interface from the FHIR Works interface. Versions 3.1.1 and 3.1.2 are subject to Exposure of Sensitive Information to an Unauthorized Actor. This issue allows a client of the API to retrieve more information than the client’s OAuth scope permits when making “search-type” requests. This issue would not allow a client to retrieve information about individuals other than those the client was already authorized to access. Users of fhir-works-on-aws-authz-smart 3.1.1 or 3.1.2 should upgrade to version 3.1.3 or higher immediately. Versions 3.1.0 and below are unaffected. There is no workaround for this issue.

Credit: security-advisories@github.com

Affected Software	Affected Version	How to fix
Amazon Fhir-works-on-aws-authz-smart	>=3.1.0<3.1.3

Never miss a vulnerability like this again

Reference Links

https://github.com/awslabs/fhir-works-on-aws-authz-smart/security/advisories/GHSA-vv7x-7w4m-q72f

Frequently Asked Questions

What is CVE-2022-39230?
CVE-2022-39230 is a vulnerability in the fhir-works-on-aws-authz-smart software that allows a client of the API to retrieve more information than authorized.
What is the severity of CVE-2022-39230?
CVE-2022-39230 has a severity rating of 6.5 (medium).
How does CVE-2022-39230 affect fhir-works-on-aws-authz-smart?
CVE-2022-39230 affects versions 3.1.0 to 3.1.3 of fhir-works-on-aws-authz-smart, allowing unauthorized retrieval of sensitive information.
How can I fix CVE-2022-39230?
To fix CVE-2022-39230, update fhir-works-on-aws-authz-smart to version 3.1.3 or later.
Where can I find more information about CVE-2022-39230?
More information about CVE-2022-39230 can be found at the following reference: https://github.com/awslabs/fhir-works-on-aws-authz-smart/security/advisories/GHSA-vv7x-7w4m-q72f

collector/nvd-index
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/severity
agent/title
agent/last-modified-date
agent/author
agent/references
agent/weakness
agent/tags
agent/description
agent/first-publish-date
agent/event
vendor/amazon
canonical/amazon fhir-works-on-aws-authz-smart
version/amazon fhir-works-on-aws-authz-smart/3.1.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.