CVE-2022-25568

Опубликовано: 24 мар. 2022

Источник: nvd

CVSS3: 7.5

CVSS2: 4.3

EPSS Высокий

Описание

MotionEye v0.42.1 and below allows attackers to access sensitive information via a GET request to /config/list. To exploit this vulnerability, a regular user password must be unconfigured.

Ссылки

https://github.com/ccrisan/motioneye/issues/2292
Issue Tracking
Third Party Advisory
https://www.pizzapower.me/2022/02/17/motioneye-config-info-disclosure/
Exploit
Third Party Advisory
https://github.com/ccrisan/motioneye/issues/2292
Issue Tracking
Third Party Advisory
https://www.pizzapower.me/2022/02/17/motioneye-config-info-disclosure/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:motioneye_project:motioneye:*:*:*:*:*:*:*:*

Версия до 0.42.1 (включая)

EPSS

Процентиль: 100%

0.89768

Высокий

7.5 High

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-1188

Связанные уязвимости

GHSA-2c7w-v459-cwgf