{"id":"CVE-2022-32175","details":"In AdGuardHome, versions v0.95 through v0.108.0-b.13 are vulnerable to Cross-Site Request Forgery (CSRF), in the custom filtering rules functionality. An attacker can persuade an authorized user to follow a malicious link, resulting in deleting/modifying the custom filtering rules.","aliases":["GHSA-mwwc-3jv2-62j3"],"modified":"2026-04-10T04:49:40.098606Z","published":"2022-10-11T15:15:09.920Z","references":[{"type":"EVIDENCE","url":"https://github.com/AdguardTeam/AdGuardHome/blob/v0.108.0-b.13/internal/home/controlfiltering.go#L265"},{"type":"EVIDENCE","url":"https://www.mend.io/vulnerability-database/CVE-2022-32175"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/adguardteam/adguardhome","events":[{"introduced":"7d2df263359c95d8e31e0319d0d15c93e4ceb886"},{"last_affected":"6856a80380f25b3e50e6b560e41a7f89258cf3dd"}],"database_specific":{"versions":[{"introduced":"v0.95"},{"last_affected":"v0.108.0-b.13"}]}}],"versions":["v0.100.0","v0.100.1","v0.100.2","v0.100.3","v0.100.4","v0.100.5","v0.100.6","v0.100.7","v0.100.8","v0.100.9","v0.101.0","v0.102.0","v0.103.0","v0.103.0-beta1","v0.103.0-beta2","v0.103.0-beta3","v0.103.1","v0.103.2","v0.103.3","v0.104.0","v0.104.0-beta1","v0.104.0-beta2","v0.104.0-beta3","v0.104.1","v0.105.0","v0.105.0-beta.3","v0.105.0-beta.4","v0.105.0-beta.5","v0.105.1","v0.105.1-beta.1","v0.105.2","v0.105.2-beta.1","v0.106.0","v0.106.0-b.1","v0.106.0-b.2","v0.106.0-b.3","v0.106.0-b.4","v0.106.0-b.5","v0.107.0","v0.107.0-b.1","v0.107.0-b.10","v0.107.0-b.11","v0.107.0-b.12","v0.107.0-b.13","v0.107.0-b.14","v0.107.0-b.15","v0.107.0-b.16","v0.107.0-b.17","v0.107.0-b.2","v0.107.0-b.3","v0.107.0-b.4","v0.107.0-b.5","v0.107.0-b.6","v0.107.0-b.7","v0.107.0-b.8","v0.107.0-b.9","v0.108.0-b.1","v0.108.0-b.10","v0.108.0-b.11","v0.108.0-b.12","v0.108.0-b.13","v0.108.0-b.2","v0.108.0-b.3","v0.108.0-b.4","v0.108.0-b.5","v0.108.0-b.6","v0.108.0-b.7","v0.108.0-b.8","v0.108.0-b.9","v0.95-hotfix","v0.96","v0.96-hotfix","v0.97.0","v0.97.1","v0.98.0","v0.98.1","v0.99.0","v0.99.1","v0.99.2","v0.99.3"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0.95"},{"fixed":"0.108"}]},{"events":[{"introduced":"0"},{"last_affected":"0.108-NA"}]},{"events":[{"introduced":"0"},{"last_affected":"0.108-beta1"}]},{"events":[{"introduced":"0"},{"last_affected":"0.108-beta10"}]},{"events":[{"introduced":"0"},{"last_affected":"0.108-beta11"}]},{"events":[{"introduced":"0"},{"last_affected":"0.108-beta12"}]},{"events":[{"introduced":"0"},{"last_affected":"0.108-beta2"}]},{"events":[{"introduced":"0"},{"last_affected":"0.108-beta3"}]},{"events":[{"introduced":"0"},{"last_affected":"0.108-beta4"}]},{"events":[{"introduced":"0"},{"last_affected":"0.108-beta5"}]},{"events":[{"introduced":"0"},{"last_affected":"0.108-beta6"}]},{"events":[{"introduced":"0"},{"last_affected":"0.108-beta7"}]},{"events":[{"introduced":"0"},{"last_affected":"0.108-beta8"}]},{"events":[{"introduced":"0"},{"last_affected":"0.108-beta9"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-32175.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L"}]}