PT-2022-24872 · Unknown+2 · Zoneminder+2

Published: 2022-10-07 · Updated: 2023-11-30 · CVE-2022-39289

CVSS v3.1: 9.1 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions: ZoneMinder (affected versions not specified)
Description: The issue concerns the ZoneMinder API, which exposes database log contents to users without privileges. It also allows for the insertion, modification, and deletion of logs without system privileges. Users are advised to upgrade as soon as possible.
Recommendations: For all affected versions, users are advised to upgrade as soon as possible. As a temporary workaround for users unable to upgrade, consider disabling database logging to minimize the risk of exploitation.

Exploit

Fix

Improper Authentication

Missing Authorization

Information Disclosure

Weakness Enumeration

Related Identifiers

ALT-PU-2022-2858
ALT-PU-2022-2978
ALT-PU-2023-7284
CVE-2022-39289
GHSA-MPCX-3GVH-9488

Affected Products

Alt Linux
Debian
Zoneminder