Description
Improper access control in Key-Value RBAC in StackStorm version 3.7.0 didn't check the permissions in Jinja filters, allowing attackers to access K/V pairs of other users, potentially leading to the exposure of sensitive information.
References
- Vendor Advisory
- Vendor Advisory
Vulnerable configurations
Configuration 1
cpe:2.3:a:stackstorm:stackstorm:3.7.0:*:*:*:*:*:*:*
EPSS
Percentile: 43%
0.00209
Low
7.5 High
CVSS3
Weaknesses
CWE-862