Vulnerabilities > CVE-2022-31164 - Unspecified vulnerability in Tovyblox Tovy

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

tovyblox

NVD

Published: 2022-07-22

Updated: 2024-11-21

Summary

Tovy is a a staff management system for Roblox groups. A vulnerability in versions prior to 0.7.51 allows users to log in as other users, including privileged users such as the other of the instance. The problem has been patched in version 0.7.51.

Vulnerable Configurations

Part	Description	Count
Application	Tovyblox Tovyblox Tovy *	1

References

https://github.com/tovyblox/tovy/pull/63
https://github.com/tovyblox/tovy/pull/63
https://github.com/tovyblox/tovy/security/advisories/GHSA-j6f8-wh4v-jc37
https://github.com/tovyblox/tovy/security/advisories/GHSA-j6f8-wh4v-jc37