Lucene search

GitHub Advisory DatabaseGHSA-P373-JQFM-J6WR

HistoryOct 20, 2022 - 12:00 p.m.

Shinken Solutions Shinken Monitoring vulnerable to Incorrect Access Control

2022-10-2012:00:15

CWE-287

GitHub Advisory Database

github.com

shinken monitoring

vulnerability

weak authentication

safeunpickler

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

57.3%

JSON

Shinken Solutions Shinken Monitoring Version 2.4.3 affected is vulnerable to Incorrect Access Control. The SafeUnpickler class found in shinken/safepickle.py implements a weak authentication scheme when unserializing objects passed from monitoring nodes to the Shinken monitoring server.

Affected configurations

Vulners

Node

shinken-monitoringshinken_monitoringRange≤2.4.3

VendorProductVersionCPE
shinken-monitoringshinken_monitoring*cpe:2.3:a:shinken-monitoring:shinken_monitoring:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
shinken-monitoring	shinken_monitoring	*	cpe:2.3:a:shinken-monitoring:shinken_monitoring::::::::

References

github.com/advisories/GHSA-p373-jqfm-j6wr

github.com/dbyio/cve-2022-37298

github.com/naparuba/shinken/commit/2dae40fd1e713aec9e1966a0ab7a580b9180cff2

nvd.nist.gov/vuln/detail/CVE-2022-37298

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

57.3%

JSON

Related for GHSA-P373-JQFM-J6WR