CVE-2022-39289

Published: Oct 7, 2022Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

ZoneMinder is a free, open source Closed-circuit television software application. In affected versions the ZoneMinder API Exposes Database Log contents to user without privileges, allows insertion, modification, deletion of logs without System Privileges. Users are advised yo upgrade as soon as possible. Users unable to upgrade should disable database logging.

Affected (2)

Products: Zoneminder: Zoneminder

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Zoneminder Zoneminder	Up to 1.36.27
Zoneminder Zoneminder	From 1.37.0 to 1.37.24

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

References (4)

https://github.com/ZoneMinder/zoneminder/commit/34ffd92bf123070cab6c83ad4cfe6297dd0ed0b4

Source: security-advisories@github.com

PatchThird Party Advisory

https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-mpcx-3gvh-9488

Source: security-advisories@github.com

ExploitPatchThird Party Advisory

https://github.com/ZoneMinder/zoneminder/commit/34ffd92bf123070cab6c83ad4cfe6297dd0ed0b4

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-mpcx-3gvh-9488

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatchThird Party Advisory

Timeline

No history available yet.