cvedb.io
CVE-2022-23627
MEDIUM · CVSS 5
EPSS exploitation probability: 0%
Published 2022-02-08T23:15:07.470 · Last modified 2026-06-17T04:30:30.883

Summary

ArchiSteamFarm (ASF) is a C# application whose primary purpose is idling Steam cards from multiple accounts simultaneously. Due to a bug in ASF code, introduced in version V5.2.2.2, the program did not adequately verify the effective access of the user sending proxy (i.e. `[Bots]`) commands. In particular, a proxy-like command sent to bot `A` and targeting bot `B` incorrectly verified the user's access against bot `A` instead of bot `B`, to which the command was originally designated. As a result, this allowed access to resources beyond those configured, a security threat affecting the confidentiality of other bot instances. A successful attack exploiting this bug requires significant access granted explicitly by the original owner of the ASF process beforehand, as the attacker has to control at least

Affected products

archisteamfarm_project — archisteamfarm

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.