CWE-276
Incorrect Default Permissions
During installation, installed file permissions are set to allow anyone to modify those files.
CVE-2022-0336 (GCVE-0-2022-0336)
Vulnerability from cvelistv5 – Published: 2022-08-29 00:00 – Updated: 2024-08-02 23:25
VLAI
Summary
The Samba AD DC includes checks when adding service principals names (SPNs) to an account to ensure that SPNs do not alias with those already in the database. Some of these checks are able to be bypassed if an account modification re-adds an SPN that was previously present on that account, such as one added when a computer is joined to a domain. An attacker who has the ability to write to an account can exploit this to perform a denial-of-service attack by adding an SPN that matches an existing service. Additionally, an attacker who can intercept traffic can impersonate existing services, resulting in a loss of confidentiality and integrity.
Severity
No CVSS data available.
CWE
- CWE-276 - - Incorrect Default Permissions
Assigner
References
7 references
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:25:40.210Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.samba.org/samba/security/CVE-2022-0336.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.samba.org/show_bug.cgi?id=14950"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/samba-team/samba/commit/1a5dc817c0c9379bbaab14c676681b42b0039a3c"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/samba-team/samba/commit/c58ede44f382bd0125f761f0479c8d48156be400"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2046134"
},
{
"tags": [
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2022-0336"
},
{
"name": "GLSA-202309-06",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202309-06"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Samba",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Affects Samba v4.0.0 and later, Fixed in samba v4.13.17, v4.14.12, v4.15.4."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Samba AD DC includes checks when adding service principals names (SPNs) to an account to ensure that SPNs do not alias with those already in the database. Some of these checks are able to be bypassed if an account modification re-adds an SPN that was previously present on that account, such as one added when a computer is joined to a domain. An attacker who has the ability to write to an account can exploit this to perform a denial-of-service attack by adding an SPN that matches an existing service. Additionally, an attacker who can intercept traffic can impersonate existing services, resulting in a loss of confidentiality and integrity."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276 - Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-17T08:06:53.455Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://www.samba.org/samba/security/CVE-2022-0336.html"
},
{
"url": "https://bugzilla.samba.org/show_bug.cgi?id=14950"
},
{
"url": "https://github.com/samba-team/samba/commit/1a5dc817c0c9379bbaab14c676681b42b0039a3c"
},
{
"url": "https://github.com/samba-team/samba/commit/c58ede44f382bd0125f761f0479c8d48156be400"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2046134"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2022-0336"
},
{
"name": "GLSA-202309-06",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202309-06"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2022-0336",
"datePublished": "2022-08-29T00:00:00.000Z",
"dateReserved": "2022-01-21T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:25:40.210Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0486 (GCVE-0-2022-0486)
Vulnerability from cvelistv5 – Published: 2022-05-17 19:32 – Updated: 2024-09-16 16:28
VLAI
Title
Privileged Command Injection Vulnerability in Fidelis Network and Deception
Summary
Improper file permissions in the CommandPost, Collector, Sensor, and Sandbox components of Fidelis Network and Deception enables an attacker with local, administrative access to the CLI to modify affected files and enable escalation of privileges equivalent to the root user. The vulnerability is present in Fidelis Network and Deception versions prior to 9.4.5. Patches and updates are available to address this vulnerability.
Severity
4.4 (Medium)
CWE
- CWE-276 - Incorrect Default Permissions
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://fidelissecurity.zendesk.com/hc/en-us/arti… | x_refsource_CONFIRM |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Fidelis Cybersecurity | Fidelis Network |
Affected:
Fidelis Network , < 9.4.5
(custom)
|
|
| Fidelis Cybersecurity | Fidelis Deception |
Affected:
Fidelis Deception , < 9.4.5
(custom)
|
Date Public
2022-05-16 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:32:46.161Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://fidelissecurity.zendesk.com/hc/en-us/articles/6211730139411"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"CentOS"
],
"product": "Fidelis Network",
"vendor": "Fidelis Cybersecurity",
"versions": [
{
"lessThan": "9.4.5",
"status": "affected",
"version": "Fidelis Network",
"versionType": "custom"
}
]
},
{
"platforms": [
"CentOS"
],
"product": "Fidelis Deception",
"vendor": "Fidelis Cybersecurity",
"versions": [
{
"lessThan": "9.4.5",
"status": "affected",
"version": "Fidelis Deception",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Henry Reed, The Aerospace Corporation"
}
],
"datePublic": "2022-05-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Improper file permissions in the CommandPost, Collector, Sensor, and Sandbox components of Fidelis Network and Deception enables an attacker with local, administrative access to the CLI to modify affected files and enable escalation of privileges equivalent to the root user. The vulnerability is present in Fidelis Network and Deception versions prior to 9.4.5. Patches and updates are available to address this vulnerability."
}
],
"exploits": [
{
"lang": "en",
"value": "Root level access"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276 Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-17T19:32:58.000Z",
"orgId": "11ea3a0d-87b4-4e67-a1fa-f5a6be5d6676",
"shortName": "Fidelis"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://fidelissecurity.zendesk.com/hc/en-us/articles/6211730139411"
}
],
"solutions": [
{
"lang": "en",
"value": "Apply patches or upgrade to latest version"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Privileged Command Injection Vulnerability in Fidelis Network and Deception",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@fidelissecurity.com",
"DATE_PUBLIC": "2022-05-16T15:30:00.000Z",
"ID": "CVE-2022-0486",
"STATE": "PUBLIC",
"TITLE": "Privileged Command Injection Vulnerability in Fidelis Network and Deception"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Fidelis Network",
"version": {
"version_data": [
{
"platform": "CentOS",
"version_affected": "\u003c",
"version_name": "Fidelis Network",
"version_value": "9.4.5"
}
]
}
},
{
"product_name": "Fidelis Deception",
"version": {
"version_data": [
{
"platform": "CentOS",
"version_affected": "\u003c",
"version_name": "Fidelis Deception",
"version_value": "9.4.5"
}
]
}
}
]
},
"vendor_name": "Fidelis Cybersecurity"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Henry Reed, The Aerospace Corporation"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper file permissions in the CommandPost, Collector, Sensor, and Sandbox components of Fidelis Network and Deception enables an attacker with local, administrative access to the CLI to modify affected files and enable escalation of privileges equivalent to the root user. The vulnerability is present in Fidelis Network and Deception versions prior to 9.4.5. Patches and updates are available to address this vulnerability."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Root level access"
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-276 Incorrect Default Permissions"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://fidelissecurity.zendesk.com/hc/en-us/articles/6211730139411",
"refsource": "CONFIRM",
"url": "https://fidelissecurity.zendesk.com/hc/en-us/articles/6211730139411"
}
]
},
"solution": [
{
"lang": "en",
"value": "Apply patches or upgrade to latest version"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "11ea3a0d-87b4-4e67-a1fa-f5a6be5d6676",
"assignerShortName": "Fidelis",
"cveId": "CVE-2022-0486",
"datePublished": "2022-05-17T19:32:58.251Z",
"dateReserved": "2022-02-03T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:28:21.139Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0997 (GCVE-0-2022-0997)
Vulnerability from cvelistv5 – Published: 2022-05-17 19:31 – Updated: 2024-09-17 01:51
VLAI
Title
Local Privilege Escalation Vulnerability in Fidelis Network and Deception
Summary
Improper file permissions in the CommandPost, Collector, and Sensor components of Fidelis Network and Deception enables an attacker with local, administrative access to the CLI to modify affected script files, which could result in arbitrary commands being run as root upon subsequent logon by a root user. The vulnerability is present in Fidelis Network and Deception versions prior to 9.4.5. Patches and updates are available to address this vulnerability.
Severity
CWE
- CWE-276 - Incorrect Default Permissions
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://fidelissecurity.zendesk.com/hc/en-us/arti… | x_refsource_CONFIRM |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Fidelis Cybersecurity | Fidelis Network |
Affected:
Fidelis Network , < 9.4.5
(custom)
|
|
| Fidelis Cybersecurity | Fidelis Deception |
Affected:
Fidelis Deception , < 9.4.5
(custom)
|
Date Public
2022-05-16 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:47:43.252Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://fidelissecurity.zendesk.com/hc/en-us/articles/6211730139411"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"CentOS"
],
"product": "Fidelis Network",
"vendor": "Fidelis Cybersecurity",
"versions": [
{
"lessThan": "9.4.5",
"status": "affected",
"version": "Fidelis Network",
"versionType": "custom"
}
]
},
{
"platforms": [
"CentOS"
],
"product": "Fidelis Deception",
"vendor": "Fidelis Cybersecurity",
"versions": [
{
"lessThan": "9.4.5",
"status": "affected",
"version": "Fidelis Deception",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Henry Reed, The Aerospace Corporation"
}
],
"datePublic": "2022-05-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Improper file permissions in the CommandPost, Collector, and Sensor components of Fidelis Network and Deception enables an attacker with local, administrative access to the CLI to modify affected script files, which could result in arbitrary commands being run as root upon subsequent logon by a root user. The vulnerability is present in Fidelis Network and Deception versions prior to 9.4.5. Patches and updates are available to address this vulnerability."
}
],
"exploits": [
{
"lang": "en",
"value": "Root level access"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.9,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276 Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-17T19:31:43.000Z",
"orgId": "11ea3a0d-87b4-4e67-a1fa-f5a6be5d6676",
"shortName": "Fidelis"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://fidelissecurity.zendesk.com/hc/en-us/articles/6211730139411"
}
],
"solutions": [
{
"lang": "en",
"value": "Apply patches or upgrade to latest version"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Local Privilege Escalation Vulnerability in Fidelis Network and Deception",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@fidelissecurity.com",
"DATE_PUBLIC": "2022-05-16T15:30:00.000Z",
"ID": "CVE-2022-0997",
"STATE": "PUBLIC",
"TITLE": "Local Privilege Escalation Vulnerability in Fidelis Network and Deception"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Fidelis Network",
"version": {
"version_data": [
{
"platform": "CentOS",
"version_affected": "\u003c",
"version_name": "Fidelis Network",
"version_value": "9.4.5"
}
]
}
},
{
"product_name": "Fidelis Deception",
"version": {
"version_data": [
{
"platform": "CentOS",
"version_affected": "\u003c",
"version_name": "Fidelis Deception",
"version_value": "9.4.5"
}
]
}
}
]
},
"vendor_name": "Fidelis Cybersecurity"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Henry Reed, The Aerospace Corporation"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper file permissions in the CommandPost, Collector, and Sensor components of Fidelis Network and Deception enables an attacker with local, administrative access to the CLI to modify affected script files, which could result in arbitrary commands being run as root upon subsequent logon by a root user. The vulnerability is present in Fidelis Network and Deception versions prior to 9.4.5. Patches and updates are available to address this vulnerability."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Root level access"
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.9,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-276 Incorrect Default Permissions"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://fidelissecurity.zendesk.com/hc/en-us/articles/6211730139411",
"refsource": "CONFIRM",
"url": "https://fidelissecurity.zendesk.com/hc/en-us/articles/6211730139411"
}
]
},
"solution": [
{
"lang": "en",
"value": "Apply patches or upgrade to latest version"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "11ea3a0d-87b4-4e67-a1fa-f5a6be5d6676",
"assignerShortName": "Fidelis",
"cveId": "CVE-2022-0997",
"datePublished": "2022-05-17T19:31:43.358Z",
"dateReserved": "2022-03-16T00:00:00.000Z",
"dateUpdated": "2024-09-17T01:51:19.514Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1109 (GCVE-0-2022-1109)
Vulnerability from cvelistv5 – Published: 2023-01-20 19:23 – Updated: 2025-04-02 13:41
VLAI
Summary
An incorrect default permissions vulnerability in Lenovo Leyun cloud music application could allow denial of service.
Severity
5.5 (Medium)
CWE
- CWE-276 - Incorrect Default Permissions
Assigner
References
1 reference
Impacted products
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:55:23.674Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://iknow.lenovo.com.cn/detail/dc_204380.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-1109",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-02T13:40:52.825730Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-02T13:41:13.482Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Leyun",
"vendor": "Lenovo",
"versions": [
{
"status": "affected",
"version": "Versions prior to 6.8.21.99"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Thanks to Brother Wang for reporting this vulnerability to Lenovo."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An incorrect default permissions vulnerability in Lenovo Leyun cloud music application could allow denial of service."
}
],
"value": "An incorrect default permissions vulnerability in Lenovo Leyun cloud music application could allow denial of service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276: Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-20T19:23:31.270Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"url": "https://iknow.lenovo.com.cn/detail/dc_204380.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUpgrade to \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eV6.8.21.99 or later\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "\nUpgrade to V6.8.21.99 or later\n"
}
],
"source": {
"advisory": "LEN-84075",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2022-1109",
"datePublished": "2023-01-20T19:23:31.270Z",
"dateReserved": "2022-03-27T03:46:55.718Z",
"dateUpdated": "2025-04-02T13:41:13.482Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1833 (GCVE-0-2022-1833)
Vulnerability from cvelistv5 – Published: 2022-06-21 14:23 – Updated: 2024-08-03 00:17
VLAI
Summary
A flaw was found in AMQ Broker Operator 7.9.4 installed via UI using OperatorHub where a low-privilege user that has access to the namespace where the AMQ Operator is deployed has access to clusterwide edit rights by checking the secrets. The service account used for building the Operator gives more permission than expected and an attacker could benefit from it. This requires at least an already compromised low-privilege account or insider attack.
Severity
No CVSS data available.
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=2089406#c4 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | AMQ Broker Operator |
Affected:
AMQ Broker Operator 7.9.4 and prior
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:17:00.931Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089406#c4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "AMQ Broker Operator",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "AMQ Broker Operator 7.9.4 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in AMQ Broker Operator 7.9.4 installed via UI using OperatorHub where a low-privilege user that has access to the namespace where the AMQ Operator is deployed has access to clusterwide edit rights by checking the secrets. The service account used for building the Operator gives more permission than expected and an attacker could benefit from it. This requires at least an already compromised low-privilege account or insider attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-21T14:23:41.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089406#c4"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2022-1833",
"datePublished": "2022-06-21T14:23:41.000Z",
"dateReserved": "2022-05-23T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:17:00.931Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-21704 (GCVE-0-2022-21704)
Vulnerability from cvelistv5 – Published: 2022-01-19 00:00 – Updated: 2025-04-23 19:10
VLAI
Title
Incorrect Default Permissions in log4js-node
Summary
log4js-node is a port of log4js to node.js. In affected versions default file permissions for log files created by the file, fileSync and dateFile appenders are world-readable (in unix). This could cause problems if log files contain sensitive information. This would affect any users that have not supplied their own permissions for the files via the mode parameter in the config. Users are advised to update.
Severity
5.5 (Medium)
CWE
- CWE-276 - Incorrect Default Permissions
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| log4js-node | log4js-node |
Affected:
< 6.4.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:53:34.798Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/log4js-node/log4js-node/security/advisories/GHSA-82v2-mx6x-wq7q"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/log4js-node/log4js-node/pull/1141/commits/8042252861a1b65adb66931fdf702ead34fa9b76"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/log4js-node/streamroller/pull/87"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/log4js-node/log4js-node/blob/v6.4.0/CHANGELOG.md#640"
},
{
"name": "[debian-lts-announce] 20221206 [SECURITY] [DLA 3229-1] node-log4js security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00014.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-21704",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T14:11:49.538794Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T19:10:12.838Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "log4js-node",
"vendor": "log4js-node",
"versions": [
{
"status": "affected",
"version": "\u003c 6.4.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "log4js-node is a port of log4js to node.js. In affected versions default file permissions for log files created by the file, fileSync and dateFile appenders are world-readable (in unix). This could cause problems if log files contain sensitive information. This would affect any users that have not supplied their own permissions for the files via the mode parameter in the config. Users are advised to update."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276: Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-06T00:00:00.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"url": "https://github.com/log4js-node/log4js-node/security/advisories/GHSA-82v2-mx6x-wq7q"
},
{
"url": "https://github.com/log4js-node/log4js-node/pull/1141/commits/8042252861a1b65adb66931fdf702ead34fa9b76"
},
{
"url": "https://github.com/log4js-node/streamroller/pull/87"
},
{
"url": "https://github.com/log4js-node/log4js-node/blob/v6.4.0/CHANGELOG.md#640"
},
{
"name": "[debian-lts-announce] 20221206 [SECURITY] [DLA 3229-1] node-log4js security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00014.html"
}
],
"source": {
"advisory": "GHSA-82v2-mx6x-wq7q",
"discovery": "UNKNOWN"
},
"title": "Incorrect Default Permissions in log4js-node"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-21704",
"datePublished": "2022-01-19T00:00:00.000Z",
"dateReserved": "2021-11-16T00:00:00.000Z",
"dateUpdated": "2025-04-23T19:10:12.838Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-22518 (GCVE-0-2022-22518)
Vulnerability from cvelistv5 – Published: 2022-04-07 18:21 – Updated: 2024-09-17 02:11
VLAI
Title
A bug in the CODESYS V3 CmpUserMgr component fails to correctly apply a security policy.
Summary
A bug in CmpUserMgr component can lead to only partially applied security policies. This can result in enabled, anonymous access to components part of the applied security policy.
Severity
6.5 (Medium)
CWE
- CWE-276 - Incorrect Default Permissions
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://customers.codesys.com/index.php?eID=dumpF… | x_refsource_CONFIRM |
Impacted products
10 products
| Vendor | Product | Version | |
|---|---|---|---|
| CODESYS | CODESYS Control for BeagleBone SL |
Affected:
V4.5.0.0 , < V4.5.0.0
(custom)
|
|
| CODESYS | CODESYS Control for Beckhoff CX9020 SL |
Affected:
V4.5.0.0 , < V4.5.0.0
(custom)
|
|
| CODESYS | CODESYS Control for emPC-A/iMX6 SL |
Affected:
V4.5.0.0 , < V4.5.0.0
(custom)
|
|
| CODESYS | CODESYS Control for IOT2000 SL |
Affected:
V4.5.0.0 , < V4.5.0.0
(custom)
|
|
| CODESYS | CODESYS Control for Linux SL |
Affected:
V4.5.0.0 , < V4.5.0.0
(custom)
|
|
| CODESYS | CODESYS Control for PFC100 SL |
Affected:
V4.5.0.0 , < V4.5.0.0
(custom)
|
|
| CODESYS | CODESYS Control for PFC200 SL |
Affected:
V4.5.0.0 , < V4.5.0.0
(custom)
|
|
| CODESYS | CODESYS Control for Raspberry Pi SL |
Affected:
V4.5.0.0 , < V4.5.0.0
(custom)
|
|
| CODESYS | CODESYS Control for WAGO Touch Panels 600 SL |
Affected:
V4.5.0.0 , < V4.5.0.0
(custom)
|
|
| CODESYS | CODESYS Control Runtime System Toolkit |
Affected:
V3.5.18.0 , < V3.5.18.0
(custom)
|
Date Public
2022-04-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:14:55.478Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17092\u0026token=a556b1695843bb42084dc63d5bdf553ca02ea393\u0026download="
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CODESYS Control for BeagleBone SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V4.5.0.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for Beckhoff CX9020 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V4.5.0.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for emPC-A/iMX6 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V4.5.0.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for IOT2000 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V4.5.0.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for Linux SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V4.5.0.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for PFC100 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V4.5.0.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for PFC200 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V4.5.0.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for Raspberry Pi SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V4.5.0.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for WAGO Touch Panels 600 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V4.5.0.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control Runtime System Toolkit",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.0",
"status": "affected",
"version": "V3.5.18.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-04-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A bug in CmpUserMgr component can lead to only partially applied security policies. This can result in enabled, anonymous access to components part of the applied security policy."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276 Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-12T07:45:30.000Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17092\u0026token=a556b1695843bb42084dc63d5bdf553ca02ea393\u0026download="
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "A bug in the CODESYS V3 CmpUserMgr component fails to correctly apply a security policy.",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2022-04-06T10:00:00.000Z",
"ID": "CVE-2022-22518",
"STATE": "PUBLIC",
"TITLE": "A bug in the CODESYS V3 CmpUserMgr component fails to correctly apply a security policy."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CODESYS Control for BeagleBone SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V4.5.0.0",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for Beckhoff CX9020 SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V4.5.0.0",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for emPC-A/iMX6 SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V4.5.0.0",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for IOT2000 SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V4.5.0.0",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for Linux SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V4.5.0.0",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for PFC100 SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V4.5.0.0",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for PFC200 SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V4.5.0.0",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for Raspberry Pi SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V4.5.0.0",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for WAGO Touch Panels 600 SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V4.5.0.0",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control Runtime System Toolkit",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3.5.18.0",
"version_value": "V3.5.18.0"
}
]
}
}
]
},
"vendor_name": "CODESYS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A bug in CmpUserMgr component can lead to only partially applied security policies. This can result in enabled, anonymous access to components part of the applied security policy."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-276 Incorrect Default Permissions"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17092\u0026token=a556b1695843bb42084dc63d5bdf553ca02ea393\u0026download=",
"refsource": "CONFIRM",
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17092\u0026token=a556b1695843bb42084dc63d5bdf553ca02ea393\u0026download="
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2022-22518",
"datePublished": "2022-04-07T18:21:21.950Z",
"dateReserved": "2022-01-03T00:00:00.000Z",
"dateUpdated": "2024-09-17T02:11:34.421Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23104 (GCVE-0-2022-23104)
Vulnerability from cvelistv5 – Published: 2022-02-24 18:26 – Updated: 2025-04-16 16:44
VLAI
Title
WIN-911 2021 Incorrect Default Permissions
Summary
WIN-911 2021 R1 and R2 are vulnerable to a permissions misconfiguration that may allow an attacker to locally write files to the program Operator Workspace directory, which holds DLL files and executables. A low-privilege attacker could write a malicious DLL file to the Operator Workspace directory to achieve privilege escalation and the permissions of the user running the program.
Severity
5.6 (Medium)
CWE
- CWE-276 - Incorrect Default Permissions
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.cisa.gov/uscert/ics/advisories/icsa-2… | x_refsource_CONFIRM |
| https://supportdesk.win911.com/support/solutions/… | x_refsource_CONFIRM |
Impacted products
Date Public
2022-02-22 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:36:19.171Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-053-03"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://supportdesk.win911.com/support/solutions/articles/24000074683-win-911-2021-r1-r2-file-permission-vulnerability"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-23104",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T15:56:22.330025Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T16:44:41.517Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "WIN-911",
"vendor": "WIN-911",
"versions": [
{
"status": "affected",
"version": "2021 R1 5.21.10"
},
{
"status": "affected",
"version": "2021 R2 5.21.17"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Noam Moshe of Claroty reported these vulnerabilities to CISA."
}
],
"datePublic": "2022-02-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "WIN-911 2021 R1 and R2 are vulnerable to a permissions misconfiguration that may allow an attacker to locally write files to the program Operator Workspace directory, which holds DLL files and executables. A low-privilege attacker could write a malicious DLL file to the Operator Workspace directory to achieve privilege escalation and the permissions of the user running the program."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276 Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-24T18:26:59.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-053-03"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://supportdesk.win911.com/support/solutions/articles/24000074683-win-911-2021-r1-r2-file-permission-vulnerability"
}
],
"solutions": [
{
"lang": "en",
"value": "WIN-911 has released a hotfix that removes write access for the user\u2019s group on the affected directory subfolders. For the hotfix and more information."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "WIN-911 2021 Incorrect Default Permissions",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2022-02-22T23:35:00.000Z",
"ID": "CVE-2022-23104",
"STATE": "PUBLIC",
"TITLE": "WIN-911 2021 Incorrect Default Permissions"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WIN-911",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "2021 R1",
"version_value": "5.21.10"
},
{
"version_affected": "=",
"version_name": "2021 R2",
"version_value": "5.21.17"
}
]
}
}
]
},
"vendor_name": "WIN-911"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Noam Moshe of Claroty reported these vulnerabilities to CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WIN-911 2021 R1 and R2 are vulnerable to a permissions misconfiguration that may allow an attacker to locally write files to the program Operator Workspace directory, which holds DLL files and executables. A low-privilege attacker could write a malicious DLL file to the Operator Workspace directory to achieve privilege escalation and the permissions of the user running the program."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-276 Incorrect Default Permissions"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-053-03",
"refsource": "CONFIRM",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-053-03"
},
{
"name": "https://supportdesk.win911.com/support/solutions/articles/24000074683-win-911-2021-r1-r2-file-permission-vulnerability",
"refsource": "CONFIRM",
"url": "https://supportdesk.win911.com/support/solutions/articles/24000074683-win-911-2021-r1-r2-file-permission-vulnerability"
}
]
},
"solution": [
{
"lang": "en",
"value": "WIN-911 has released a hotfix that removes write access for the user\u2019s group on the affected directory subfolders. For the hotfix and more information."
}
],
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-23104",
"datePublished": "2022-02-24T18:26:59.219Z",
"dateReserved": "2022-02-10T00:00:00.000Z",
"dateUpdated": "2025-04-16T16:44:41.517Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2366 (GCVE-0-2022-2366)
Vulnerability from cvelistv5 – Published: 2022-07-11 14:08 – Updated: 2024-12-06 23:08
VLAI
Title
Incorrect defaults can cause attackers to bypass rate limitations
Summary
Incorrect default configuration for trusted IP header in Mattermost version 6.7.0 and earlier allows attacker to bypass some of the rate limitations in place or use manipulated IPs for audit logging via manipulating the request headers.
Severity
5.6 (Medium)
CWE
- CWE-276 - Incorrect Default Permissions
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://mattermost.com/security-updates/ | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Mattermost | Mattermost |
Affected:
6.7.x 6.7.0
Affected: 6.x , ≤ 6.3.8 (custom) Affected: 6.5.x , ≤ 6.5.1 (custom) Affected: 6.6.x , ≤ 6.6.1 (custom) |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:32:09.696Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://mattermost.com/security-updates/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-2366",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-06T22:52:50.416614Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-06T23:08:46.139Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Mattermost",
"vendor": "Mattermost",
"versions": [
{
"status": "affected",
"version": "6.7.x 6.7.0"
},
{
"lessThanOrEqual": "6.3.8",
"status": "affected",
"version": "6.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.5.1",
"status": "affected",
"version": "6.5.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.6.1",
"status": "affected",
"version": "6.6.x",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Thanks to Adam Pritchard for contributing to this improvement under the Mattermost responsible disclosure policy."
}
],
"descriptions": [
{
"lang": "en",
"value": "Incorrect default configuration for trusted IP header in Mattermost version 6.7.0 and earlier allows attacker to bypass some of the rate limitations in place or use manipulated IPs for audit logging via manipulating the request headers."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276 Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-11T14:08:50.000Z",
"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"shortName": "Mattermost"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://mattermost.com/security-updates/"
}
],
"source": {
"advisory": "MMSA-2022-00109",
"defect": [
"https://mattermost.atlassian.net/browse/MM-42379"
],
"discovery": "EXTERNAL"
},
"title": "Incorrect defaults can cause attackers to bypass rate limitations",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "responsibledisclosure@mattermost.com",
"ID": "CVE-2022-2366",
"STATE": "PUBLIC",
"TITLE": "Incorrect defaults can cause attackers to bypass rate limitations"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Mattermost",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "6.x",
"version_value": "6.3.8"
},
{
"version_affected": "\u003c=",
"version_name": "6.5.x",
"version_value": "6.5.1"
},
{
"version_affected": "\u003c=",
"version_name": "6.6.x",
"version_value": "6.6.1"
},
{
"version_affected": "=",
"version_name": "6.7.x",
"version_value": "6.7.0"
}
]
}
}
]
},
"vendor_name": "Mattermost"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Thanks to Adam Pritchard for contributing to this improvement under the Mattermost responsible disclosure policy."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Incorrect default configuration for trusted IP header in Mattermost version 6.7.0 and earlier allows attacker to bypass some of the rate limitations in place or use manipulated IPs for audit logging via manipulating the request headers."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-276 Incorrect Default Permissions"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://mattermost.com/security-updates/",
"refsource": "MISC",
"url": "https://mattermost.com/security-updates/"
}
]
},
"source": {
"advisory": "MMSA-2022-00109",
"defect": [
"https://mattermost.atlassian.net/browse/MM-42379"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"assignerShortName": "Mattermost",
"cveId": "CVE-2022-2366",
"datePublished": "2022-07-11T14:08:50.000Z",
"dateReserved": "2022-07-11T00:00:00.000Z",
"dateUpdated": "2024-12-06T23:08:46.139Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23922 (GCVE-0-2022-23922)
Vulnerability from cvelistv5 – Published: 2022-02-24 18:26 – Updated: 2025-04-16 16:44
VLAI
Title
WIN-911 2021 Incorrect Default Permissions
Summary
WIN-911 2021 R1 and R2 are vulnerable to a permissions misconfiguration that may allow an attacker to locally write files to the Program Announcer directory and elevate permissions whenever the program is executed.
Severity
5.6 (Medium)
CWE
- CWE-276 - Incorrect Default Permissions
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.cisa.gov/uscert/ics/advisories/icsa-2… | x_refsource_CONFIRM |
| https://supportdesk.win911.com/support/solutions/… | x_refsource_CONFIRM |
Impacted products
Date Public
2022-02-22 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:59:23.124Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-053-03"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://supportdesk.win911.com/support/solutions/articles/24000074683-win-911-2021-r1-r2-file-permission-vulnerability"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-23922",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T15:56:27.651928Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T16:44:50.475Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "WIN-911",
"vendor": "WIN-911",
"versions": [
{
"status": "affected",
"version": "2021 R1 5.21.10"
},
{
"status": "affected",
"version": "2021 R2 5.21.17"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Noam Moshe of Claroty reported these vulnerabilities to CISA."
}
],
"datePublic": "2022-02-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "WIN-911 2021 R1 and R2 are vulnerable to a permissions misconfiguration that may allow an attacker to locally write files to the Program Announcer directory and elevate permissions whenever the program is executed."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276 Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-24T18:26:58.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-053-03"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://supportdesk.win911.com/support/solutions/articles/24000074683-win-911-2021-r1-r2-file-permission-vulnerability"
}
],
"solutions": [
{
"lang": "en",
"value": "WIN-911 has released a hotfix that removes write access for the user\u2019s group on the affected directory subfolders. For the hotfix and more information."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "WIN-911 2021 Incorrect Default Permissions",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2022-02-22T23:35:00.000Z",
"ID": "CVE-2022-23922",
"STATE": "PUBLIC",
"TITLE": "WIN-911 2021 Incorrect Default Permissions"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WIN-911",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "2021 R1",
"version_value": "5.21.10"
},
{
"version_affected": "=",
"version_name": "2021 R2",
"version_value": "5.21.17"
}
]
}
}
]
},
"vendor_name": "WIN-911"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Noam Moshe of Claroty reported these vulnerabilities to CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WIN-911 2021 R1 and R2 are vulnerable to a permissions misconfiguration that may allow an attacker to locally write files to the Program Announcer directory and elevate permissions whenever the program is executed."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-276 Incorrect Default Permissions"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-053-03",
"refsource": "CONFIRM",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-053-03"
},
{
"name": "https://supportdesk.win911.com/support/solutions/articles/24000074683-win-911-2021-r1-r2-file-permission-vulnerability",
"refsource": "CONFIRM",
"url": "https://supportdesk.win911.com/support/solutions/articles/24000074683-win-911-2021-r1-r2-file-permission-vulnerability"
}
]
},
"solution": [
{
"lang": "en",
"value": "WIN-911 has released a hotfix that removes write access for the user\u2019s group on the affected directory subfolders. For the hotfix and more information."
}
],
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-23922",
"datePublished": "2022-02-24T18:26:58.463Z",
"dateReserved": "2022-02-10T00:00:00.000Z",
"dateUpdated": "2025-04-16T16:44:50.475Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation ID: MIT-1
Phases: Architecture and Design, Operation
Description:
- The architecture needs to access and modification attributes for files to only those users who actually require those actions.
Mitigation ID: MIT-46
Phase: Architecture and Design
Strategy: Separation of Privilege
Description:
- Compartmentalize the system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.
- Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges.
CAPEC-1: Accessing Functionality Not Properly Constrained by ACLs
In applications, particularly web applications, access to functionality is mitigated by an authorization framework. This framework maps Access Control Lists (ACLs) to elements of the application's functionality; particularly URL's for web apps. In the case that the administrator failed to specify an ACL for a particular element, an attacker may be able to access it with impunity. An attacker with the ability to access functionality not properly constrained by ACLs can obtain sensitive information and possibly compromise the entire application. Such an attacker can access resources that must be available only to users at a higher privilege level, can access management sections of the application, or can run queries for data that they otherwise not supposed to.
CAPEC-127: Directory Indexing
An adversary crafts a request to a target that results in the target listing/indexing the content of a directory as output. One common method of triggering directory contents as output is to construct a request containing a path that terminates in a directory name rather than a file name since many applications are configured to provide a list of the directory's contents when such a request is received. An adversary can use this to explore the directory tree on a target as well as learn the names of files. This can often end up revealing test files, backup files, temporary files, hidden files, configuration files, user accounts, script contents, as well as naming conventions, all of which can be used by an attacker to mount additional attacks.
CAPEC-81: Web Server Logs Tampering
Web Logs Tampering attacks involve an attacker injecting, deleting or otherwise tampering with the contents of web logs typically for the purposes of masking other malicious behavior. Additionally, writing malicious data to log files may target jobs, filters, reports, and other agents that process the logs in an asynchronous attack pattern. This pattern of attack is similar to "Log Injection-Tampering-Forging" except that in this case, the attack is targeting the logs of the web server and not the application.