CVE-2022-39289

Опубликовано: 07 окт. 2022

Источник: nvd

CVSS3: 9.1

CVSS3: 7.5

EPSS Низкий

Описание

ZoneMinder is a free, open source Closed-circuit television software application. In affected versions the ZoneMinder API Exposes Database Log contents to user without privileges, allows insertion, modification, deletion of logs without System Privileges. Users are advised yo upgrade as soon as possible. Users unable to upgrade should disable database logging.

Ссылки

https://github.com/ZoneMinder/zoneminder/commit/34ffd92bf123070cab6c83ad4cfe6297dd0ed0b4
Patch
Third Party Advisory
https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-mpcx-3gvh-9488
Exploit
Patch
Third Party Advisory
https://github.com/ZoneMinder/zoneminder/commit/34ffd92bf123070cab6c83ad4cfe6297dd0ed0b4
Patch
Third Party Advisory
https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-mpcx-3gvh-9488
Exploit
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*

Версия до 1.36.27 (включая)

cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*

Версия от 1.37.0 (включая) до 1.37.24 (исключая)

EPSS

Процентиль: 57%

0.00353

Низкий

9.1 Critical

CVSS3

7.5 High

CVSS3

Дефекты

CWE-200

CWE-862

Связанные уязвимости

CVE-2022-39289

CVSS3: 9.1

ubuntu

больше 3 лет назад

CVE-2022-39289

CVSS3: 9.1

debian

больше 3 лет назад

ZoneMinder is a free, open source Closed-circuit television software a ...

EPSS

Процентиль: 57%

0.00353

Низкий

9.1 Critical

CVSS3

7.5 High

CVSS3

Дефекты

CWE-200

CWE-862