CVE-2022-31149: ActivityWatch vulnerable to DNS rebinding attack

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2022-31149

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

ActivityWatch vulnerable to DNS rebinding attack

Source: NVD (National Vulnerability Database)

Vulnerability Description

ActivityWatch open-source automated time tracker. Versions prior to 0.12.0b2 are vulnerable to DNS rebinding attacks. This vulnerability impacts everyone running ActivityWatch and gives the attacker full access to the ActivityWatch REST API. Users should upgrade to v0.12.0b2 or later to receive a patch. As a workaround, block DNS lookups that resolve to 127.0.0.1.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Source: NVD (National Vulnerability Database)

Vulnerability Type

使用欺骗进行的认证绕过

Source: NVD (National Vulnerability Database)

Vulnerability Title

ActivityWatch 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

ActivityWatch是ActivityWatch开源的一个免费和开源自动时间跟踪器。 ActivityWatch 0.12.0b2 之前的版本存在安全漏洞，该漏洞源于容易受到 DNS 重新绑定攻击，攻击者利用该漏洞可以

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
ActivityWatch	activitywatch	< 0.12.0b2	-

II. Public POCs for CVE-2022-31149

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2022-31149

Please Login to view more intelligence information

https://gist.github.com/zozs/fdebbce75fc8538c15851b46db944a16x_refsource_MISC
https://github.com/ActivityWatch/activitywatch/security/advisories/GHSA-v9fg-6g9j-h4x4x_refsource_CONFIRM
https://nvd.nist.gov/vuln/detail/CVE-2022-31149

IV. Related Vulnerabilities

Same vendor: ActivityWatch

CVE-2021-32692
Activity Watch vulnerable to command execution on macOS via

Same weakness: CWE-290

V. Comments for CVE-2022-31149

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

I. Basic Information for CVE-2022-31149

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2022-31149

III. Intelligence Information for CVE-2022-31149

IV. Related Vulnerabilities

V. Comments for CVE-2022-31149

Leave a comment