PYSEC-2022-43141
See a problem?- Import Source
- https://github.com/pypa/advisory-database/blob/main/vulns/motioneye/PYSEC-2022-43141.yaml
- JSON Data
- https://api.test.osv.dev/v1/vulns/PYSEC-2022-43141
- Aliases
- Published
- 2022-03-24T17:15:00Z
- Modified
- 2024-11-22T20:57:11.529333Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
MotionEye v0.42.1 and below allows attackers to access sensitive information via a GET request to /config/list. To exploit this vulnerability, a regular user password must be unconfigured.
- References
Affected packages
PyPI / motioneye
Package
- Name
- motioneye
- View open source insights on deps.dev
- Purl
- pkg:pypi/motioneye
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed0.43.1b1
Affected versions
0.*
0.27
0.27.1
0.27.2
0.28
0.28.1
0.28.2
0.28.3
0.29rc1
0.29rc2
0.29
0.29.1
0.30rc1
0.30rc2
0.30
0.31
0.31.1
0.31.2
0.31.3
0.31.4
0.31.5
0.32
0.32.1
0.32.2
0.33
0.33.1
0.33.2
0.33.3
0.33.4
0.34rc1
0.34
0.34.1
0.35rc1
0.35
0.35.1
0.35.2
0.36
0.36.1
0.37rc1
0.37
0.37.1
0.38
0.38.1
0.39
0.39.1
0.39.2
0.39.3
0.40rc1
0.40rc2
0.40rc3
0.40rc4
0.40rc5
0.40
0.41rc1
0.41
0.42
0.42.1