Lucene search
MitreCVE-2022-44009HistoryDec 06, 2022 - 12:15 a.m.
CVE-2022-44009
2022-12-0600:15:10
CWE-862
mitre
web.nvd.nist.gov
29
cve-2022-44009
improper access control
key-value rbac
stackstorm
permission check
jinja filters
sensitive information exposure
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
0.002
Percentile
55.3%
Improper access control in Key-Value RBAC in StackStorm version 3.7.0 didn’t check the permissions in Jinja filters, allowing attackers to access K/V pairs of other users, potentially leading to the exposure of sensitive Information.
Affected configurations
Node
stackstormstackstormMatch3.7.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| stackstorm | stackstorm | 3.7.0 | cpe:2.3:a:stackstorm:stackstorm:3.7.0:*:*:*:*:*:*:* |
References
Related
osv
osv
CVE-2022-44009
2022-12-06 00:15:10
cvelist
cvelist
CVE-2022-44009
2022-12-05 00:00:00
nvd
nvd
CVE-2022-44009
2022-12-06 00:15:10
prion
prion
Improper access control
2022-12-06 00:15:00
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
0.002
Percentile
55.3%
Related for CVE-2022-44009