CVE-2022-23513

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-23513

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-23513.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2022-23513

Aliases

GHSA-6qh8-6rrj-7497

Published

2022-12-22T23:17:19.812Z

Modified

2025-12-06T00:06:19.044378Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

Pi-Hole/AdminLTE vulnerable due to improper access control in queryads endpoint

Details

Pi-Hole is a network-wide ad blocking via your own Linux hardware, AdminLTE is a Pi-hole Dashboard for stats and more. In case of an attack, the threat actor will obtain the ability to perform an unauthorized query for blocked domains on queryads endpoint. In the case of application, this vulnerability exists because of a lack of validation in code on a root server path: /admin/scripts/pi-hole/phpqueryads.php. Potential threat actor(s) are able to perform an unauthorized query search in blocked domain lists. This could lead to the disclosure for any victims' personal blacklists.

Database specific

{
    "cwe_ids": [
        "CWE-284"
    ],
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/23xxx/CVE-2022-23513.json"
}

References

Affected packages

Git / github.com/pi-hole/adminlte

Affected ranges

Type: GIT
Repo: https://github.com/pi-hole/adminlte
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-23513.json"

Git / github.com/pi-hole/web

Affected ranges

Type: GIT
Repo: https://github.com/pi-hole/web
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

ad2d43869e9ad97cc3a8c5afc6fefec0e142a972

Affected versions

0.*

0.1

1.*

1.0

1.1

1.2

1.2.1

1.3

2.*

2.0.0

2.1.0

2.1.1

v1.*

v1.0.0

v1.1.0

v1.1.1

v1.1.2

v1.1.3

v1.1.4

v1.1.5

v1.1.6

v1.1.7

v1.2

v1.3

v1.4

v1.4.1

v1.4.2

v1.4.3

v1.4.3.1

v1.4.3.1a

v1.4.4

v1.4.4.1

v1.4.4.2

v2.*

v2.0

v2.0.0

v2.0.1

v2.0.2

v2.0.3

v2.0.4

v2.0.5

v2.1

v2.1.0-alpha-1

v2.1.0-beta

v2.1.2

v2.2

v2.2.0

v2.3

v2.3.1

v2.4

v2.5

v2.5.1

v2.5.2

v3.*

v3.0

v3.0.1

v3.0.1a

v3.1

v3.2

v3.2.1

v3.3

v4.*

v4.0

v4.1

v4.1.1

v4.2

v4.3

v4.3.2

v4.3.3

v5.*

v5.0

v5.1

v5.1.1

v5.10

v5.10.1

v5.11

v5.12

v5.13

v5.14

v5.14.1

v5.14.2

v5.15

v5.15.1

v5.16

v5.17

v5.2

v5.2.1

v5.2.2

v5.3

v5.3.1

v5.3.2

v5.4

v5.5

v5.5.1

v5.6

v5.7

v5.8

v5.9

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-23513.json"