CVE-2022-46382

RackN Digital Rebar through 4.6.14, 4.7 through 4.7.22, 4.8 through 4.8.5, 4.9 through 4.9.12, and 4.10 through 4.10.8 has Insecure Permissions. After signing into Digital Rebar, users are issued authentication tokens tied to their account to perform actions within Digital Rebar. During the validation process of these tokens, Digital Rebar did not check if the user account still exists. Deleted Digital Rebar users could still use their tokens to perform actions within Digital Rebar.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://rackn.com/products/rebar/	Product
https://rackn.com/products/rebar/	Product

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:rackn:digital_rebar::::::::
	cpe:2.3:a:rackn:digital_rebar::::::::
	cpe:2.3:a:rackn:digital_rebar::::::::
	cpe:2.3:a:rackn:digital_rebar::::::::
	cpe:2.3:a:rackn:digital_rebar::::::::

History

21 Nov 2024, 07:30

Type	Values Removed	Values Added
References	~~() https://rackn.com/products/rebar/ - Product~~	() https://rackn.com/products/rebar/ - Product

Information

Published : 2022-12-06 16:15

Updated : 2024-11-21 07:30

NVD link : CVE-2022-46382

Mitre link : CVE-2022-46382

CVE.ORG link : CVE-2022-46382

JSON object : View

Products Affected

rackn

digital_rebar

CWE

CWE-276

Incorrect Default Permissions

{"id": "CVE-2022-46382", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2022-12-06T16:15:11.407", "references": [{"url": "https://rackn.com/products/rebar/", "tags": ["Product"], "source": "cve@mitre.org"}, {"url": "https://rackn.com/products/rebar/", "tags": ["Product"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-276"}]}], "descriptions": [{"lang": "en", "value": "RackN Digital Rebar through 4.6.14, 4.7 through 4.7.22, 4.8 through 4.8.5, 4.9 through 4.9.12, and 4.10 through 4.10.8 has Insecure Permissions. After signing into Digital Rebar, users are issued authentication tokens tied to their account to perform actions within Digital Rebar. During the validation process of these tokens, Digital Rebar did not check if the user account still exists. Deleted Digital Rebar users could still use their tokens to perform actions within Digital Rebar."}, {"lang": "es", "value": "RackN Digital Rebar hasta 4.6.14, 4.7 hasta 4.7.22, 4.8 hasta 4.8.5, 4.9 hasta 4.9.12 y 4.10 hasta 4.10.8 tiene permisos inseguros. Despu\u00e9s de iniciar sesi\u00f3n en Digital Rebar, los usuarios reciben tokens de autenticaci\u00f3n vinculados a su cuenta para realizar acciones dentro de Digital Rebar. Durante el proceso de validaci\u00f3n de estos tokens, Digital Rebar no verific\u00f3 si la cuenta de usuario a\u00fan existe. Los usuarios de Digital Rebar eliminados a\u00fan podr\u00edan usar sus tokens para realizar acciones dentro de Digital Rebar."}], "lastModified": "2024-11-21T07:30:29.690", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:rackn:digital_rebar:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "38C8E8E4-2D51-42EF-A948-1AF6CE7D212A", "versionEndIncluding": "4.6.14"}, {"criteria": "cpe:2.3:a:rackn:digital_rebar:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "05A73545-E0D5-4071-B09A-DBD5B37228E5", "versionEndIncluding": "4.7.22", "versionStartIncluding": "4.7"}, {"criteria": "cpe:2.3:a:rackn:digital_rebar:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "93D773DA-CD98-4C60-A416-0C604785C509", "versionEndIncluding": "4.8.5", "versionStartIncluding": "4.8"}, {"criteria": "cpe:2.3:a:rackn:digital_rebar:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0F1B5E66-535C-489E-9549-7ED84E1F913B", "versionEndIncluding": "4.9.12", "versionStartIncluding": "4.9"}, {"criteria": "cpe:2.3:a:rackn:digital_rebar:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "03441E81-8A51-4813-B46C-E43B2C60764D", "versionEndIncluding": "4.10.8", "versionStartIncluding": "4.10"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}