Fhir Works On Aws Authz Smart
Approved changes feed: RSS · Atom
cpe:2.3:a:awslabs:fhir-works-on-aws-authz-smart:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Awslabs (400e7466-79c7-523c-b85f-b53f8baa53ad) |
|---|---|
| Product | Fhir Works On Aws Authz Smart (a8cd5c2a-a736-5861-8658-053351f10e3c) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2022-39230 |
vulnerable | 2026-06-08 05:47:18.393656 |
Security issue in fhir-works-on-aws-authz-smart
MEDIUM (6.5)
fhir-works-on-aws-authz-smart is an implementation of the authorization interface from the FHIR Works interface. Versions 3.1.1 and 3.1.2 are subject to Exposure of Sensitive Information to an Unauthorized Actor. This issue allows a client of the API to retrieve more information than the client’s OAuth scope permits when making “search-type” requests. This issue would not allow a client to retrieve information about individuals other than those the client was already authorized to access. Users of fhir-works-on-aws-authz-smart 3.1.1 or 3.1.2 should upgrade to version 3.1.3 or higher immediately. Versions 3.1.0 and below are unaffected. There is no workaround for this issue.
Published: 2022-09-23T07:10:08.000Z
Updated: 2025-04-23T16:56:17.483Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.