{"id":"CVE-2022-47551","details":"Apiman 1.5.7 through 2.2.3.Final has insufficient checks for read permissions within the Apiman Manager REST API. The root cause of the issue is the Apiman project's accidental acceptance of a large contribution that was not fully compatible with the security model of Apiman versions before 3.0.0.Final. Because of this, 3.0.0.Final is not affected by the vulnerability.","aliases":["GHSA-j94p-hv25-rm5g"],"modified":"2026-04-12T04:19:09.397102Z","published":"2022-12-20T00:15:10.050Z","references":[{"type":"ADVISORY","url":"https://www.apiman.io/blog/permissions-bypass-disclosure/"},{"type":"ADVISORY","url":"https://www.github.com/apiman/apiman"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/apiman/apiman","events":[{"introduced":"8f638e233a5bc8a1004aa4c6f32d0efe27f88ae9"},{"last_affected":"656755fa2d2fdddfef759b1b1f70e961f4923ece"}],"database_specific":{"cpe":"cpe:2.3:a:apiman:apiman:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"1.5.7"},{"last_affected":"2.2.3"}],"source":"CPE_FIELD"}}],"versions":["2.0.0.Final","2.1.0.Final","2.1.1.Final","2.1.2.Final","2.1.3.Final","2.1.4.Final","2.1.5.Final","2.2.0.Final","2.2.1.Final","2.2.2.Final","2.2.3.Final","apiman-1.5.7.Final"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-47551.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}]}