NUCLEI:CVE-2022-38817 (nuclei template, ProjectDiscovery)
Published: Oct 03, 2022, 2:15 p.m.

Dapr Dashboard 0.1.0-0.10.0 - Improper Access Control

Source: ProjectDiscovery (github.com)
Tags: dapr_dashboard, improper access control, unauthorized, linuxfoundation, cve2022

CVSS3: 7.5

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS: 0.018
Percentile: 88.4%

Dapr Dashboard 0.1.0 through 0.10.0 is susceptible to improper access control. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized operations.

id: CVE-2022-38817

info:
  name: Dapr Dashboard 0.1.0-0.10.0 - Improper Access Control
  author: For3stCo1d
  severity: high
  description: |
    Dapr Dashboard 0.1.0 through 0.10.0 is susceptible to improper access control. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
  impact: |
    The vulnerability allows unauthorized access to the Dapr Dashboard, potentially leading to unauthorized actions and data exposure.
  remediation: |
    Upgrade Dapr Dashboard to a version that includes the fix for CVE-2022-38817 or apply the necessary patches provided by the vendor.
  reference:
    - https://github.com/dapr/dashboard/issues/222
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38817
    - https://github.com/dapr/dashboard
    - https://nvd.nist.gov/vuln/detail/CVE-2022-38817
    - https://github.com/Miraitowa70/POC-Notes
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2022-38817
    cwe-id: CWE-306
    epss-score: 0.0132
    epss-percentile: 0.8595
    cpe: cpe:2.3:a:linuxfoundation:dapr_dashboard:*:*:*:*:*:*:*:*
  metadata:
    max-request: 3
    vendor: linuxfoundation
    product: dapr_dashboard
    shodan-query:
      - http.title:"Dapr Dashboard"
      - http.title:"dapr dashboard"
    fofa-query: title="dapr dashboard"
    google-query: intitle:"dapr dashboard"
  tags: cve,cve2022,dapr,dashboard,unauth,linuxfoundation

http:
  - method: GET
    path:
      - "{{BaseURL}}/components/statestore"
      - "{{BaseURL}}/overview"
      - "{{BaseURL}}/controlplane"

    stop-at-first-match: true

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '<title>Dapr Dashboard</title>'

      - type: status
        status:
          - 200
# digest: 490a0046304402205ea9f50dc71fc8b5f4d75dd29b1081cded28ba8d5cf5feffdcb3c6c08d82dd12022004ebd2036c0cd6f38f7f234b4d8393eae2efb944eaefb368f24c0c4340564986:922c64590222798bb761d5b6d8e72950
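The template above detects an exposed dashboard by requesting three candidate paths in order, stopping at the first one whose response satisfies every matcher (`matchers-condition: and`): the body must contain the dashboard `<title>` and the status must be 200. The following Python is an added example, not code from the nuclei project or from the original page; it re-implements just that subset of nuclei matcher semantics over constructed sample responses (no network access), so that a defender can see exactly what condition a finding for this template corresponds to, and why a login-protected instance that still serves the title with a 401/403 does not match.

```python
"""Offline evaluation of the matcher logic used by the nuclei template above.

Added example (not nuclei's own code). It covers only the semantics the
template uses: ordered candidate paths with stop-at-first-match, a `word`
matcher on the response body, a `status` matcher, and `matchers-condition: and`.
All HTTP responses below are constructed sample data, not real captures.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

# Values copied from the template on this page.
TEMPLATE_PATHS = ["/components/statestore", "/overview", "/controlplane"]
TEMPLATE_WORDS = ["<title>Dapr Dashboard</title>"]
TEMPLATE_STATUSES = [200]


@dataclass
class Response:
    status: int
    body: str


def word_matcher(words: List[str], condition: str = "or") -> Callable[[Response], bool]:
    """nuclei `word` matcher on part: body (word condition defaults to `or`)."""
    def check(resp: Response) -> bool:
        hits = [w in resp.body for w in words]
        return all(hits) if condition == "and" else any(hits)
    return check


def status_matcher(statuses: List[int]) -> Callable[[Response], bool]:
    """nuclei `status` matcher: the response code must be one of the listed codes."""
    return lambda resp: resp.status in statuses


MATCHERS = [word_matcher(TEMPLATE_WORDS), status_matcher(TEMPLATE_STATUSES)]


def evaluate_response(resp: Response, matchers=MATCHERS, condition: str = "and") -> bool:
    """Apply matchers-condition: `and` requires every matcher to pass."""
    results = [m(resp) for m in matchers]
    return all(results) if condition == "and" else any(results)


def scan_host(fetch: Callable[[str], Optional[Response]], paths=TEMPLATE_PATHS) -> Optional[str]:
    """Return the first path whose response satisfies all matchers
    (stop-at-first-match), or None when no path matches.

    `fetch` is injected so the example runs offline; a real scanner would
    issue the GET request for {{BaseURL}} + path here.
    """
    for path in paths:
        resp = fetch(path)
        if resp is not None and evaluate_response(resp):
            return path
    return None


# Constructed sample hosts (hypothetical responses, not captured traffic).
EXPOSED_HOST: Dict[str, Response] = {
    "/components/statestore": Response(200, "<html><head><title>Dapr Dashboard</title></head>"),
    "/overview": Response(200, "<title>Dapr Dashboard</title>"),
}
# Instance placed behind authentication: redirects or rejects every path.
PROTECTED_HOST: Dict[str, Response] = {
    "/components/statestore": Response(302, '<a href="/login">Found</a>'),
    "/overview": Response(401, "Unauthorized"),
    "/controlplane": Response(401, "Unauthorized"),
}
# Title string present but served with 403: the `and` condition rules it out.
DENIED_HOST: Dict[str, Response] = {
    "/overview": Response(403, "<title>Dapr Dashboard</title> Access denied"),
}


def make_fetch(host: Dict[str, Response]) -> Callable[[str], Optional[Response]]:
    """Build an offline fetch function backed by a constructed host table."""
    return lambda path: host.get(path)


if __name__ == "__main__":
    for name, host in [("exposed", EXPOSED_HOST), ("protected", PROTECTED_HOST), ("denied", DENIED_HOST)]:
        print(f"{name}: first matching path = {scan_host(make_fetch(host))}")
```

Because the condition is `and`, a finding requires both the dashboard title in the body and an HTTP 200, which is what distinguishes an unauthenticated instance from one that sits behind a login or reverse-proxy policy; the remediation in the template (upgrading past 0.10.0 or applying the vendor fix) is what changes the second sample host's behaviour from the first.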
