CVE-2022-46382

Published: 06 Dec 2022
Source: nvd
CVSS3: 8.8
EPSS: Low

Description

RackN Digital Rebar through 4.6.14, 4.7 through 4.7.22, 4.8 through 4.8.5, 4.9 through 4.9.12, and 4.10 through 4.10.8 has Insecure Permissions. After signing into Digital Rebar, users are issued authentication tokens tied to their account to perform actions within Digital Rebar. During the validation process of these tokens, Digital Rebar did not check if the user account still exists. Deleted Digital Rebar users could still use their tokens to perform actions within Digital Rebar.

Vulnerable configurations

Configuration 1

One of

cpe:2.3:a:rackn:digital_rebar:*:*:*:*:*:*:*:*
Version up to 4.6.14 (inclusive)
cpe:2.3:a:rackn:digital_rebar:*:*:*:*:*:*:*:*
Version from 4.7 (inclusive) to 4.7.22 (inclusive)
cpe:2.3:a:rackn:digital_rebar:*:*:*:*:*:*:*:*
Version from 4.8 (inclusive) to 4.8.5 (inclusive)
cpe:2.3:a:rackn:digital_rebar:*:*:*:*:*:*:*:*
Version from 4.9 (inclusive) to 4.9.12 (inclusive)
cpe:2.3:a:rackn:digital_rebar:*:*:*:*:*:*:*:*
Version from 4.10 (inclusive) to 4.10.8 (inclusive)

EPSS

Percentile: 44%
0.00216
Low

8.8 High

CVSS3

Weaknesses

CWE-276

Related vulnerabilities

CVSS3: 8.8
github
about 3 years ago

RackN Digital Rebar through 4.6.14, 4.7 through 4.7.22, 4.8 through 4.8.5, 4.9 through 4.9.12, and 4.10 through 4.10.8 has Insecure Permissions. After signing into Digital Rebar, users are issued authentication tokens tied to their account to perform actions within Digital Rebar. During the validation process of these tokens, Digital Rebar did not check if the user account still exists. Deleted Digital Rebar users could still use their tokens to perform actions within Digital Rebar.