PT-2022-27845 · Rackn · Rackn Digital Rebar

Published: 2022-12-06 · Updated: 2022-12-08 · CVE-2022-46382

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
  RackN Digital Rebar versions 4.6.14 and earlier
  RackN Digital Rebar versions 4.7 through 4.7.22
  RackN Digital Rebar versions 4.8 through 4.8.5
  RackN Digital Rebar versions 4.9 through 4.9.12
  RackN Digital Rebar versions 4.10 through 4.10.8

Description
The issue arises from insecure permissions in RackN Digital Rebar. After a user signs in, they are issued authentication tokens tied to their account, which are used to perform actions within Digital Rebar. However, when validating these tokens, Digital Rebar fails to check whether the user account still exists. As a result, deleted Digital Rebar users can still use their tokens to perform actions within Digital Rebar.

Recommendations
  For RackN Digital Rebar versions 4.6.14 and earlier, update to a version later than 4.6.14 to resolve the issue.
  For RackN Digital Rebar versions 4.7 through 4.7.22, update to a version later than 4.7.22 to resolve the issue.
  For RackN Digital Rebar versions 4.8 through 4.8.5, update to a version later than 4.8.5 to resolve the issue.
  For RackN Digital Rebar versions 4.9 through 4.9.12, update to a version later than 4.9.12 to resolve the issue.
  For RackN Digital Rebar versions 4.10 through 4.10.8, update to a version later than 4.10.8 to resolve the issue.
As a temporary workaround, consider restricting access to authentication tokens for deleted user accounts until a patch is available.
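The description and workaround above come down to one missing step in token validation: a cryptographically valid token is not enough, the account it names must still exist. The following example, added here and not code from RackN or Digital Rebar, shows a minimal HMAC-signed token scheme with two validators side by side: one that mirrors the flaw (signature and expiry only) and a hardened one that also requires a live account and honours a per-user revocation epoch, which is one way to implement the "restrict tokens for deleted accounts" workaround. The token format, the `users` dictionary, the `tokens_valid_from` field and the signing key are all constructed for the example.

```python
import base64
import hashlib
import hmac
import json

# Constructed demo key; a real service loads this from its key store.
SIGNING_KEY = b"constructed-demo-signing-key"


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(user_id: str, now: int, ttl: int = 3600) -> str:
    """Mint an HMAC-SHA256-signed token bound to user_id (hypothetical format)."""
    payload = json.dumps({"sub": user_id, "iat": now, "exp": now + ttl}).encode()
    sig = hmac.new(SIGNING_KEY, payload, hashlib.sha256).digest()
    return _b64(payload) + "." + _b64(sig)


def _verify_signature(token: str, now: int):
    """Return the claims dict if the signature and expiry check out, else None."""
    try:
        body, sig = token.split(".", 1)
        payload = _unb64(body)
        expected = hmac.new(SIGNING_KEY, payload, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _unb64(sig)):
            return None
        claims = json.loads(payload)
    except ValueError:  # malformed base64 / JSON / missing separator
        return None
    if claims.get("exp", 0) <= now:
        return None
    return claims


def validate_token_vulnerable(token: str, users: dict, now: int):
    """Mirrors the flaw: trusts the signed 'sub' claim without checking the account."""
    claims = _verify_signature(token, now)
    return None if claims is None else claims["sub"]


def validate_token_fixed(token: str, users: dict, now: int):
    """Hardened: signature, expiry, AND a live account; also honours a revocation epoch."""
    claims = _verify_signature(token, now)
    if claims is None:
        return None
    user = users.get(claims["sub"])
    if user is None:  # account deleted -> every token it was issued is dead
        return None
    if claims["iat"] < user["tokens_valid_from"]:  # bulk-revoked (e.g. on password reset)
        return None
    return claims["sub"]


def demo():
    """Issue a token, delete the account, and compare the two validators."""
    now = 1_700_000_000  # constructed clock
    users = {"alice": {"tokens_valid_from": now - 100}}  # constructed account table
    tok = issue_token("alice", now)
    before = (validate_token_vulnerable(tok, users, now + 10),
              validate_token_fixed(tok, users, now + 10))
    del users["alice"]  # the account is removed, the token is still in circulation
    after = (validate_token_vulnerable(tok, users, now + 20),
             validate_token_fixed(tok, users, now + 20))
    return before, after


if __name__ == "__main__":
    print(demo())  # (('alice', 'alice'), ('alice', None))
```

The `tokens_valid_from` check is what turns the workaround into something operable: deleting the user handles the case in this advisory, while bumping that timestamp lets an operator invalidate every outstanding token for a still-existing account without rotating the signing key.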

Fix

Weakness Enumeration: Incorrect Default Permissions

Related Identifiers: CVE-2022-46382

Affected Products: Rackn Digital Rebar