GHSA-p373-jqfm-j6wr

Source

https://github.com/advisories/GHSA-p373-jqfm-j6wr

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/10/GHSA-p373-jqfm-j6wr/GHSA-p373-jqfm-j6wr.json

JSON Data

https://api.test.osv.dev/v1/vulns/GHSA-p373-jqfm-j6wr

Aliases

CVE-2022-37298

Published

2022-10-20T12:00:15Z

Modified

2023-11-01T04:59:38.678309Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

Shinken Solutions Shinken Monitoring vulnerable to Incorrect Access Control

Details

Shinken Solutions Shinken Monitoring Version 2.4.3 affected is vulnerable to Incorrect Access Control. The SafeUnpickler class found in shinken/safepickle.py implements a weak authentication scheme when unserializing objects passed from monitoring nodes to the Shinken monitoring server.

Database specific

{
    "github_reviewed": true,
    "github_reviewed_at": "2022-10-20T18:39:15Z",
    "nvd_published_at": "2022-10-20T11:15:00Z",
    "cwe_ids": [
        "CWE-287"
    ],
    "severity": "CRITICAL"
}

References

Affected packages

PyPI / shinken

Package

Name: shinken; View open source insights on deps.dev
Purl: pkg:pypi/shinken

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

2.4.3

Affected versions

2.*

2.0

2.0.1

2.0.2

2.0.3

2.2

2.4

2.4.2

2.4.3