GO-2022-0491 Configuration API in EdgeXFoundry 2.1.0 and earlier exposes message bus credentials to local unauthenticated users in github.com/edgexfoundry/app-functions-sdk-go

🗓️ 21 Aug 2024 15:11:33Reported by GoogleType

osv🔗 osv.dev👁 10 Views

Exposure of message bus credentials to local unauthenticated users in EdgeXFoundry 2.1.0

Reporter	Title	Published	Views	Family All 14
BDU FSTEC	The vulnerability of the EdgeXFoundry IoT platform’s /api/v2/config component allows attackers to disclose sensitive information and increase their privileges.	29 Jun 202200:00	–	bdu_fstec
CNNVD	EdgeX Foundry 信息泄露漏洞	14 Jun 202200:00	–	cnnvd
CVE	CVE-2022-31066	14 Jun 202221:55	–	cve
Cvelist	CVE-2022-31066 Configuration API in EdgeXFoundry exposes message bus credentials to local unauthenticated users	14 Jun 202221:55	–	cvelist
EUVD	EUVD-2022-6047	3 Oct 202520:07	–	euvd
Github Security Blog	Configuration API in EdgeXFoundry 2.1.0 and earlier exposes message bus credentials to local unauthenticated users	17 Jun 202201:11	–	github
NVD	CVE-2022-31066	14 Jun 202222:15	–	nvd
OSV	CVE-2022-31066 Configuration API in EdgeXFoundry exposes message bus credentials to local unauthenticated users	14 Jun 202221:55	–	osv
OSV	GHSA-G63H-Q855-VP3Q Configuration API in EdgeXFoundry 2.1.0 and earlier exposes message bus credentials to local unauthenticated users	17 Jun 202201:11	–	osv
Prion	Authentication flaw	14 Jun 202222:15	–	prion

Source	Link
github	www.github.com/edgexfoundry/edgex-go/security/advisories/GHSA-g63h-q855-vp3q
nvd	www.nvd.nist.gov/vuln/detail/CVE-2022-31066
github	www.github.com/edgexfoundry/device-sdk-go/pull/1161
github	www.github.com/edgexfoundry/edgex-go/pull/4016

03 Mar 2026 04:50Current

4.8Medium risk

Vulners AI Score4.8

CVSS 23.6

CVSS 3.14.4 - 5.9

EPSS0.00161

SSVC