CVE-2022-39291

2022-10-0721:15:00

Alpine Linux Development Team

security.alpinelinux.org

0.001 Low

EPSS

Percentile

40.4%

JSON

ZoneMinder is a free, open source Closed-circuit television software application. Affected versions of zoneminder are subject to a vulnerability which allows users with “View” system permissions to inject new data into the logs stored by Zoneminder. This was observed through an HTTP POST request containing log information to the “/zm/index.php” endpoint. Submission is not rate controlled and could affect database performance and/or consume all storage resources. Users are advised to upgrade. There are no known workarounds for this issue.

OSVersionArchitecturePackageVersionFilename
Alpineedge-communitynoarchzoneminder< 1.36.31-r0UNKNOWN
Alpine3.17-communitynoarchzoneminder< 1.36.31-r0UNKNOWN
Alpine3.18-communitynoarchzoneminder< 1.36.31-r0UNKNOWN
Alpine3.19-communitynoarchzoneminder< 1.36.31-r0UNKNOWN
Alpine3.20-communitynoarchzoneminder< 1.36.31-r0UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Alpine	edge-community	noarch	zoneminder	< 1.36.31-r0	UNKNOWN
Alpine	3.17-community	noarch	zoneminder	< 1.36.31-r0	UNKNOWN
Alpine	3.18-community	noarch	zoneminder	< 1.36.31-r0	UNKNOWN
Alpine	3.19-community	noarch	zoneminder	< 1.36.31-r0	UNKNOWN
Alpine	3.20-community	noarch	zoneminder	< 1.36.31-r0	UNKNOWN

0.001 Low

EPSS

Percentile

40.4%

JSON

Related for ALPINE:CVE-2022-39291