CVE-2022-44009

Name of the Vulnerable Software and Affected Versions StackStorm version 3.7.0

Description The issue is related to improper access control in Key-Value RBAC, where permissions in Jinja filters are not checked, allowing attackers to access Key-Value pairs of other users. This could potentially lead to the exposure of sensitive information.

Recommendations For StackStorm version 3.7.0, consider restricting access to Key-Value pairs until a patch is available, and review the permissions in Jinja filters to ensure proper access control. At the moment, there is no information about a newer version that contains a fix for this vulnerability.