GHSA-2c7w-v459-cwgf
Suggest an improvement- Source
- https://github.com/advisories/GHSA-2c7w-v459-cwgf
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/03/GHSA-2c7w-v459-cwgf/GHSA-2c7w-v459-cwgf.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-2c7w-v459-cwgf
- Aliases
- Published
- 2022-03-25T00:00:33Z
- Modified
- 2024-11-22T20:57:11.529333Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- MotionEye allows attackers to access sensitive information
- Details
-
MotionEye v0.42.1 and below allows attackers to access sensitive information via a GET request to /config/list. To exploit this vulnerability, a regular user password must be unconfigured.
- Database specific
{ "severity": "HIGH", "nvd_published_at": "2022-03-24T17:15:00Z", "github_reviewed": true, "cwe_ids": [ "CWE-200" ], "github_reviewed_at": "2024-11-22T20:20:55Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2022-25568
- https://github.com/ccrisan/motioneye/issues/2292
- https://github.com/motioneye-project/motioneye/commit/c60b64af5bb8c09189071522a1f6796cb44340b0
- https://github.com/motioneye-project/motioneye
- https://github.com/pypa/advisory-database/tree/main/vulns/motioneye/PYSEC-2022-43141.yaml
- https://www.pizzapower.me/2022/02/17/motioneye-config-info-disclosure
Affected packages
PyPI / motioneye
Package
- Name
- motioneye
- View open source insights on deps.dev
- Purl
- pkg:pypi/motioneye
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed0.43.1b1
Affected versions
0.*
0.27
0.27.1
0.27.2
0.28
0.28.1
0.28.2
0.28.3
0.29rc1
0.29rc2
0.29
0.29.1
0.30rc1
0.30rc2
0.30
0.31
0.31.1
0.31.2
0.31.3
0.31.4
0.31.5
0.32
0.32.1
0.32.2
0.33
0.33.1
0.33.2
0.33.3
0.33.4
0.34rc1
0.34
0.34.1
0.35rc1
0.35
0.35.1
0.35.2
0.36
0.36.1
0.37rc1
0.37
0.37.1
0.38
0.38.1
0.39
0.39.1
0.39.2
0.39.3
0.40rc1
0.40rc2
0.40rc3
0.40rc4
0.40rc5
0.40
0.41rc1
0.41
0.42
0.42.1