CVE-2022-37298

Name of the Vulnerable Software and Affected Versions Shinken Monitoring version 2.4.3

Description The issue is related to Incorrect Access Control. The SafeUnpickler class found in shinken/safepickle.py implements a weak authentication scheme when unserializing objects passed from monitoring nodes to the Shinken monitoring server.

Recommendations For version 2.4.3, consider disabling the SafeUnpickler class until a patch is available to mitigate the risk of exploitation. Restrict access to the shinken/safepickle.py module to minimize the risk of unauthorized access. Avoid using the SafeUnpickler class for unserializing objects from monitoring nodes until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.