CVE-2022-46382

RackN Digital Rebar through 4.6.14, 4.7 through 4.7.22, 4.8 through 4.8.5, 4.9 through 4.9.12, and 4.10 through 4.10.8 has Insecure Permissions. After signing into Digital Rebar, users are issued authentication tokens tied to their account to perform actions within Digital Rebar. During the validation process of these tokens, Digital Rebar did not check if the user account still exists. Deleted Digital Rebar users could still use their tokens to perform actions within Digital Rebar.

CVSS v3.0 8.8 HIGH

8.8^/10

CVSS v3.0 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://rackn.com/products/rebar/	Product

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:rackn:digital_rebar::::::::
	cpe:2.3:a:rackn:digital_rebar::::::::
	cpe:2.3:a:rackn:digital_rebar::::::::
	cpe:2.3:a:rackn:digital_rebar::::::::
	cpe:2.3:a:rackn:digital_rebar::::::::

Information

Published : 2022-12-06 08:15

Updated : 2022-12-08 09:02

NVD link : CVE-2022-46382

Mitre link : CVE-2022-46382

JSON object : View

CWE

CWE-276

Incorrect Default Permissions

Advertisement

Products Affected

rackn

digital_rebar

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://rackn.com/products/rebar/", "name": "https://rackn.com/products/rebar/", "tags": ["Product"], "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "RackN Digital Rebar through 4.6.14, 4.7 through 4.7.22, 4.8 through 4.8.5, 4.9 through 4.9.12, and 4.10 through 4.10.8 has Insecure Permissions. After signing into Digital Rebar, users are issued authentication tokens tied to their account to perform actions within Digital Rebar. During the validation process of these tokens, Digital Rebar did not check if the user account still exists. Deleted Digital Rebar users could still use their tokens to perform actions within Digital Rebar."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-276"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2022-46382", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}}, "publishedDate": "2022-12-06T16:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:rackn:digital_rebar:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "4.10.8", "versionStartIncluding": "4.10"}, {"cpe23Uri": "cpe:2.3:a:rackn:digital_rebar:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "4.9.12", "versionStartIncluding": "4.9"}, {"cpe23Uri": "cpe:2.3:a:rackn:digital_rebar:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "4.8.5", "versionStartIncluding": "4.8"}, {"cpe23Uri": "cpe:2.3:a:rackn:digital_rebar:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "4.7.22", "versionStartIncluding": "4.7"}, {"cpe23Uri": "cpe:2.3:a:rackn:digital_rebar:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "4.6.14"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2022-12-08T17:02Z"}