CVE: CVE-2022-31162

Export to Word

Slack Morphism is an async client library for Rust. Prior to 0.41.0, it was possible for Slack OAuth client information to leak in application debug logs. Stricter and more secure debug formatting was introduced in v0.41.0 for OAuth secret types to reduce the possibility of printing sensitive information in application logs. As a workaround, do not print/output requests and responses for OAuth and client configurations in logs.

Threat-Mapped Scoring

Score: 3.0

Priority: P2 - Serious (High)

S1 – Steal Customer Account Information

EPSS

Score: 0.00371
Percentile: 0.58099

CVSS Scoring

CVSS v3.1 Score: 7.5

Severity: HIGH

Mapped CWE(s)

CWE-1258 : Exposure of Sensitive System Information Due to Uncleared Debug Information
CWE-200 : Exposure of Sensitive Information to an Unauthorized Actor
CWE-212 : Improper Removal of Sensitive Information Before Storage or Transfer

All CAPEC(s)

CAPEC-116: Excavation
CAPEC-13: Subverting Environment Variable Values
CAPEC-150: Collect Data from Common Resource Locations
CAPEC-168: Windows ::DATA Alternate Data Stream
CAPEC-169: Footprinting
CAPEC-204: Lifting Sensitive Data Embedded in Cache
CAPEC-22: Exploiting Trust in Client
CAPEC-224: Fingerprinting
CAPEC-285: ICMP Echo Request Ping
CAPEC-287: TCP SYN Scan
CAPEC-290: Enumerate Mail Exchange (MX) Records
CAPEC-291: DNS Zone Transfers
CAPEC-292: Host Discovery
CAPEC-293: Traceroute Route Enumeration
CAPEC-294: ICMP Address Mask Request
CAPEC-295: Timestamp Request
CAPEC-296: ICMP Information Request
CAPEC-297: TCP ACK Ping
CAPEC-298: UDP Ping
CAPEC-299: TCP SYN Ping
CAPEC-300: Port Scanning
CAPEC-301: TCP Connect Scan
CAPEC-302: TCP FIN Scan
CAPEC-303: TCP Xmas Scan
CAPEC-304: TCP Null Scan
CAPEC-305: TCP ACK Scan
CAPEC-306: TCP Window Scan
CAPEC-307: TCP RPC Scan
CAPEC-308: UDP Scan
CAPEC-309: Network Topology Mapping
CAPEC-310: Scanning for Vulnerable Software
CAPEC-312: Active OS Fingerprinting
CAPEC-313: Passive OS Fingerprinting
CAPEC-317: IP ID Sequencing Probe
CAPEC-318: IP 'ID' Echoed Byte-Order Probe
CAPEC-319: IP (DF) 'Don't Fragment Bit' Echoing Probe
CAPEC-320: TCP Timestamp Probe
CAPEC-321: TCP Sequence Number Probe
CAPEC-322: TCP (ISN) Greatest Common Divisor Probe
CAPEC-323: TCP (ISN) Counter Rate Probe
CAPEC-324: TCP (ISN) Sequence Predictability Probe
CAPEC-325: TCP Congestion Control Flag (ECN) Probe
CAPEC-326: TCP Initial Window Size Probe
CAPEC-327: TCP Options Probe
CAPEC-328: TCP 'RST' Flag Checksum Probe
CAPEC-329: ICMP Error Message Quoting Probe
CAPEC-330: ICMP Error Message Echoing Integrity Probe
CAPEC-37: Retrieve Embedded Sensitive Data
CAPEC-472: Browser Fingerprinting
CAPEC-497: File Discovery
CAPEC-508: Shoulder Surfing
CAPEC-545: Pull Data from System Resources
CAPEC-573: Process Footprinting
CAPEC-574: Services Footprinting
CAPEC-575: Account Footprinting
CAPEC-576: Group Permission Footprinting
CAPEC-577: Owner Footprinting
CAPEC-59: Session Credential Falsification through Prediction
CAPEC-60: Reusing Session IDs (aka Session Replay)
CAPEC-616: Establish Rogue Location
CAPEC-643: Identify Shared Files/Directories on System
CAPEC-646: Peripheral Footprinting
CAPEC-651: Eavesdropping
CAPEC-79: Using Slashes in Alternate Encoding

CAPEC(s) with Mapped TTPs

CAPEC-13: Subverting Environment Variable Values
Mapped TTPs:
- T1562.003 : Impair Command History Logging
- T1574.006 : Dynamic Linker Hijacking
- T1574.007 : Path Interception by PATH Environment Variable
CAPEC-150: Collect Data from Common Resource Locations
Mapped TTPs:
- T1003 : OS Credential Dumping
- T1119 : Automated Collection
- T1213 : Data from Information Repositories
- T1530 : Data from Cloud Storage
- T1555 : Credentials from Password Stores
- T1602 : Data from Configuration Repository
CAPEC-169: Footprinting
Mapped TTPs:
- T1217 : Browser Information Discovery
- T1592 : Gather Victim Host Information
- T1595 : Active Scanning
CAPEC-204: Lifting Sensitive Data Embedded in Cache
Mapped TTPs:
- T1005 : Data from Local System
CAPEC-292: Host Discovery
Mapped TTPs:
- T1018 : Remote System Discovery
CAPEC-295: Timestamp Request
Mapped TTPs:
- T1124 : System Time Discovery
CAPEC-300: Port Scanning
Mapped TTPs:
- T1046 : Network Service Discovery
CAPEC-309: Network Topology Mapping
Mapped TTPs:
- T1016 : System Network Configuration Discovery
- T1049 : System Network Connections Discovery
- T1590 : Gather Victim Network Information
CAPEC-312: Active OS Fingerprinting
Mapped TTPs:
- T1082 : System Information Discovery
CAPEC-313: Passive OS Fingerprinting
Mapped TTPs:
- T1082 : System Information Discovery
CAPEC-37: Retrieve Embedded Sensitive Data
Mapped TTPs:
- T1005 : Data from Local System
- T1552.004 : Private Keys
CAPEC-497: File Discovery
Mapped TTPs:
- T1083 : File and Directory Discovery
CAPEC-545: Pull Data from System Resources
Mapped TTPs:
- T1005 : Data from Local System
- T1555.001 : Keychain
CAPEC-573: Process Footprinting
Mapped TTPs:
- T1057 : Process Discovery
CAPEC-574: Services Footprinting
Mapped TTPs:
- T1007 : System Service Discovery
CAPEC-575: Account Footprinting
Mapped TTPs:
- T1087 : Account Discovery
CAPEC-576: Group Permission Footprinting
Mapped TTPs:
- T1069 : Permission Groups Discovery
- T1615 : Group Policy Discovery
CAPEC-577: Owner Footprinting
Mapped TTPs:
- T1033 : System Owner/User Discovery
CAPEC-60: Reusing Session IDs (aka Session Replay)
Mapped TTPs:
- T1134.001 : Token Impersonation/Theft
- T1550.004 : Web Session Cookie
CAPEC-616: Establish Rogue Location
Mapped TTPs:
- T1036.005 : Match Legitimate Resource Name or Location
CAPEC-643: Identify Shared Files/Directories on System
Mapped TTPs:
- T1135 : Network Share Discovery
CAPEC-646: Peripheral Footprinting
Mapped TTPs:
- T1120 : Peripheral Device Discovery
CAPEC-651: Eavesdropping
Mapped TTPs:
- T1111 : Multi-Factor Authentication Interception

Mapped ATT&CK TTPs

T1562.003 : Impair Command History Logging
Kill Chain: defense-evasion
T1574.006 : Dynamic Linker Hijacking
Kill Chain: persistence
T1574.007 : Path Interception by PATH Environment Variable
Kill Chain: persistence
T1003 : OS Credential Dumping
Kill Chain: credential-access
T1119 : Automated Collection
Kill Chain: collection
T1213 : Data from Information Repositories
Kill Chain: collection
T1530 : Data from Cloud Storage
Kill Chain: collection
T1555 : Credentials from Password Stores
Kill Chain: credential-access
T1602 : Data from Configuration Repository
Kill Chain: collection
T1217 : Browser Information Discovery
Kill Chain: discovery
T1592 : Gather Victim Host Information
Kill Chain: reconnaissance
T1595 : Active Scanning
Kill Chain: reconnaissance
T1005 : Data from Local System
Kill Chain: collection
T1018 : Remote System Discovery
Kill Chain: discovery
T1124 : System Time Discovery
Kill Chain: discovery
T1046 : Network Service Discovery
Kill Chain: discovery
T1016 : System Network Configuration Discovery
Kill Chain: discovery
T1049 : System Network Connections Discovery
Kill Chain: discovery
T1590 : Gather Victim Network Information
Kill Chain: reconnaissance
T1082 : System Information Discovery
Kill Chain: discovery
T1082 : System Information Discovery
Kill Chain: discovery
T1005 : Data from Local System
Kill Chain: collection
T1552.004 : Private Keys
Kill Chain: credential-access
T1083 : File and Directory Discovery
Kill Chain: discovery
T1005 : Data from Local System
Kill Chain: collection
T1555.001 : Keychain
Kill Chain: credential-access
T1057 : Process Discovery
Kill Chain: discovery
T1007 : System Service Discovery
Kill Chain: discovery
T1087 : Account Discovery
Kill Chain: discovery
T1069 : Permission Groups Discovery
Kill Chain: discovery
T1615 : Group Policy Discovery
Kill Chain: discovery
T1033 : System Owner/User Discovery
Kill Chain: discovery
T1134.001 : Token Impersonation/Theft
Kill Chain: defense-evasion
T1550.004 : Web Session Cookie
Kill Chain: defense-evasion
T1036.005 : Match Legitimate Resource Name or Location
Kill Chain: defense-evasion
T1135 : Network Share Discovery
Kill Chain: discovery
T1120 : Peripheral Device Discovery
Kill Chain: discovery
T1111 : Multi-Factor Authentication Interception
Kill Chain: credential-access

Malware

APTs Threat Group Associations

Campaigns

C0027
Operation Wocao
APT41 DUST
FunnyDream
ArcaneDoor
SolarWinds Compromise
Operation CuckooBees
Juicy Mix
CostaRicto
Operation Honeybee
2016 Ukraine Electric Power Attack
RedDelta Modified PlugX Infection Chain Operations
2015 Ukraine Electric Power Attack
C0018
Operation Dream Job
C0015
Frankenstein
Outer Space
Night Dragon
Leviathan Australian Intrusions
ShadowRay
Operation MidnightEclipse
C0032
HomeLand Justice
C0017
Operation Sharpshooter
Cutting Edge
J-magic Campaign
Triton Safety Instrumented System Attack
KV Botnet Activity
C0026

Affected Products

cpe:2.3:a:slack_morphism_project:slack_morphism:*:*:*:*:*:rust:*:*

← Back to Home