PT-2022-21633 · Unknown+1 · Cloudlabeling+1

Di1L0O

Published

2022-06-24

Updated

2022-07-05

CVE-2022-32999

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions cloudlabeling version 0.0.1

Description The cloudlabeling package was discovered to contain a code execution backdoor via the request package. This issue allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges.

Recommendations For version 0.0.1, consider removing or disabling the cloudlabeling package until a patched version is available. As a temporary workaround, restrict the use of the request package to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2022-32999

Affected Products

Cloudlabeling

Request

PT-2022-21633 · Unknown+1 · Cloudlabeling+1

CVE-2022-32999

Related Identifiers

Affected Products

References · 7