Lucene search

MitreCVE-2022-37298

HistoryOct 20, 2022 - 11:15 a.m.

CVE-2022-37298

2022-10-2011:15:10

CWE-287

mitre

web.nvd.nist.gov

cve-2022-37298

shinken solutions

shinken monitoring

vulnerability

access control

safeunpickler

nvd

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.4

Confidence

High

EPSS

0.002

Percentile

57.3%

JSON

Shinken Solutions Shinken Monitoring Version 2.4.3 affected is vulnerable to Incorrect Access Control. The SafeUnpickler class found in shinken/safepickle.py implements a weak authentication scheme when unserializing objects passed from monitoring nodes to the Shinken monitoring server.

Affected configurations

Nvd

Node

shinken-monitoringshinken_monitoringMatch2.4.3

VendorProductVersionCPE
shinken-monitoringshinken_monitoring2.4.3cpe:2.3:a:shinken-monitoring:shinken_monitoring:2.4.3:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
shinken-monitoring	shinken_monitoring	2.4.3	cpe:2.3:a:shinken-monitoring:shinken_monitoring:2.4.3:::::::*

References

github.com/dbyio/cve-2022-37298

github.com/naparuba/shinken/commit/2dae40fd1e713aec9e1966a0ab7a580b9180cff2

Social References

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.4

Confidence

High

EPSS

0.002

Percentile

57.3%

JSON

Related for CVE-2022-37298