Lucene search

[email protected]NVD:CVE-2022-37298

HistoryOct 20, 2022 - 11:15 a.m.

CVE-2022-37298

2022-10-2011:15:10

CWE-287

[email protected]

web.nvd.nist.gov

shinken solutions

monitoring

vulnerable

access control

safeunpickler class

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

57.3%

JSON

Shinken Solutions Shinken Monitoring Version 2.4.3 affected is vulnerable to Incorrect Access Control. The SafeUnpickler class found in shinken/safepickle.py implements a weak authentication scheme when unserializing objects passed from monitoring nodes to the Shinken monitoring server.

Affected configurations

Nvd

Node

shinken-monitoringshinken_monitoringMatch2.4.3

VendorProductVersionCPE
shinken-monitoringshinken_monitoring2.4.3cpe:2.3:a:shinken-monitoring:shinken_monitoring:2.4.3:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
shinken-monitoring	shinken_monitoring	2.4.3	cpe:2.3:a:shinken-monitoring:shinken_monitoring:2.4.3:::::::*

References

github.com/dbyio/cve-2022-37298

github.com/naparuba/shinken/commit/2dae40fd1e713aec9e1966a0ab7a580b9180cff2

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

57.3%

JSON

Related for NVD:CVE-2022-37298

veracode1 ubuntucve1 githubexploit2 prion1 osv2 cve1 cvelist1 github1