CVE-2022-39337

Опубликовано: 22 дек. 2023

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

Hertzbeat is an open source, real-time monitoring system with custom-monitoring, high performance cluster, prometheus-like and agentless. Hertzbeat versions 1.20 and prior have a permission bypass vulnerability. System authentication can be bypassed and invoke interfaces without authorization. Version 1.2.1 contains a patch for this issue.

Ссылки

https://github.com/dromara/hertzbeat/commit/ac5970c6ceb64fafe237fc895243df5f21e40876
Patch
https://github.com/dromara/hertzbeat/issues/377
Exploit
Issue Tracking
https://github.com/dromara/hertzbeat/pull/382
Issue Tracking
Patch
https://github.com/dromara/hertzbeat/security/advisories/GHSA-434f-f5cw-3rj6
Vendor Advisory
https://github.com/dromara/hertzbeat/commit/ac5970c6ceb64fafe237fc895243df5f21e40876
Patch
https://github.com/dromara/hertzbeat/issues/377
Exploit
Issue Tracking
https://github.com/dromara/hertzbeat/pull/382
Issue Tracking
Patch
https://github.com/dromara/hertzbeat/security/advisories/GHSA-434f-f5cw-3rj6
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:apache:hertzbeat:*:*:*:*:*:*:*:*

Версия до 1.2.1 (исключая)

EPSS

Процентиль: 45%

0.00225

Низкий

7.5 High

CVSS3

Дефекты

CWE-284