PT-2022-16682 · Dell Emc · Dell Emc Cloudlink
Published 2022-05-26 · Updated 2022-06-07 · CVE-2022-24414
CVSS v3.1: 7.6 High
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
Name of the Vulnerable Software and Affected Versions
Dell EMC CloudLink versions 7.1.3 and earlier
Description
Auth Tokens are exposed in GET requests, so they can be recorded by reverse proxies and in server logs. Attackers who obtain these tokens may use them to access the CloudLink server. It is recommended not to use tokens in request URLs, to avoid such attacks.
Recommendations
For Dell EMC CloudLink versions 7.1.3 and earlier, avoid using Auth Tokens in the request URL to prevent potential access by attackers.
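To check whether tokens have already reached reverse proxy or server logs, the following added example (not Dell's code and not part of the original advisory) scans combined-format access log lines, redacts token-bearing query parameters, and returns fingerprints of the tokens that should be rotated. The parameter names and log lines are assumptions, since the advisory does not name the parameter CloudLink uses.

```python
import hashlib
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Assumed parameter names; the advisory does not name the one CloudLink uses.
TOKEN_PARAMS = {"token", "auth_token", "authtoken", "access_token"}
# Request line of a combined-format access log entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>HTTP/[\d.]+)"')


def fingerprint(value):
    """Short SHA-256 prefix so a leaked token can be tracked without storing it."""
    return hashlib.sha256(value.encode()).hexdigest()[:12]


def redact_line(line):
    """Return (redacted_line, findings) for one access log line."""
    match = REQUEST_RE.search(line)
    if not match:
        return line, []
    parts = urlsplit(match.group("target"))
    findings, cleaned = [], []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() in TOKEN_PARAMS and value:
            findings.append((parts.path, name, fingerprint(value)))
            value = "REDACTED"
        cleaned.append((name, value))
    if not findings:
        return line, []  # leave lines without tokens byte-for-byte unchanged
    target = urlunsplit(parts._replace(query=urlencode(cleaned)))
    start, end = match.span("target")
    return line[:start] + target + line[end:], findings


def scan(lines):
    """Redact every line and collect the distinct token fingerprints to rotate."""
    redacted, to_rotate = [], set()
    for line in lines:
        new_line, findings = redact_line(line)
        redacted.append(new_line)
        to_rotate.update(fp for _, _, fp in findings)
    return redacted, sorted(to_rotate)

# Constructed sample lines (not taken from a real CloudLink deployment).
SAMPLE = [
    '10.0.0.5 - - [26/May/2022:10:00:00 +0000] "GET /api/status?token=abc123&verbose=1 HTTP/1.1" 200 512',
    '10.0.0.5 - - [26/May/2022:10:00:02 +0000] "POST /api/login HTTP/1.1" 200 128',
    '10.0.0.9 - - [26/May/2022:10:00:05 +0000] "GET /api/keys?page=2&Auth_Token=abc123 HTTP/1.1" 200 900',
]
```

Calling `scan(SAMPLE)` returns the redacted lines and a single fingerprint, because both GET requests carried the same token value.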
Fix
Information Disclosure
Related Identifiers
Affected Products
Dell Emc Cloudlink