PT-2022-16671 · Unknown · Simple Diagnostics Agent

Yvan Genuer · Published 2022-03-08 · Updated 2022-10-29 · CVE-2022-24396

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

The Simple Diagnostics Agent versions 1.0 up to version 1.57

Description

The issue concerns the lack of authentication checks for functionalities accessible via localhost on HTTP port 3005. This allows an attacker to access administrative or privileged functionalities, potentially reading, modifying, or deleting sensitive information and configurations.

Recommendations

For versions 1.0 up to version 1.57, consider restricting access to HTTP port 3005 to minimize the risk of exploitation. As a temporary workaround, limit the use of administrative functionalities until a proper authentication mechanism is implemented. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Weakness Enumeration: Missing Authentication

Related Identifiers: CVE-2022-24396

Affected Products: Simple Diagnostics Agent