Approved changes feed: RSS · Atom

cpe:2.3:a:awslabs:fhir-works-on-aws-authz-smart:*:*:*:*:*:*:*:*

part: a version: * update: *

VendorAwslabs (400e7466-79c7-523c-b85f-b53f8baa53ad)
ProductFhir Works On Aws Authz Smart (a8cd5c2a-a736-5861-8658-053351f10e3c)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from gcve-enriched-dumps CVE data

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2022-39230 vulnerable 2026-06-08 05:47:18.393656 Security issue in fhir-works-on-aws-authz-smart
MEDIUM (6.5)
fhir-works-on-aws-authz-smart is an implementation of the authorization interface from the FHIR Works interface. Versions 3.1.1 and 3.1.2 are subject to Exposure of Sensitive Information to an Unauthorized Actor. This issue allows a client of the API to retrieve more information than the client’s OAuth scope permits when making “search-type” requests. This issue would not allow a client to retrieve information about individuals other than those the client was already authorized to access. Users of fhir-works-on-aws-authz-smart 3.1.1 or 3.1.2 should upgrade to version 3.1.3 or higher immediately. Versions 3.1.0 and below are unaffected. There is no workaround for this issue.
Published: 2022-09-23T07:10:08.000Z
Updated: 2025-04-23T16:56:17.483Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.