PT-2022-27846 · Rackn · Rackn Digital Rebar

Published

2022-12-06

·

Updated

2022-12-08

·

CVE-2022-46383

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

RackN Digital Rebar versions 4.6.14 and earlier
RackN Digital Rebar versions 4.7 through 4.7.22
RackN Digital Rebar versions 4.8 through 4.8.5
RackN Digital Rebar versions 4.9 through 4.9.12
RackN Digital Rebar versions 4.10 through 4.10.8
Description

A public API endpoint exposes privileged tokens to callers that have not been authorized to receive them. This is an Incorrect Access Control weakness: the endpoint is reachable without credentials (the CVSS vector records PR:N), so anyone who can reach the API over the network can retrieve a token. A retrieved token can then be presented to the system to escalate privileges, granting full administrative access.
Recommendations

Update to a release later than the last affected version of the branch you are running:

For versions 4.6.14 and earlier, update to a version later than 4.6.14.
For versions 4.7 through 4.7.22, update to a version later than 4.7.22.
For versions 4.8 through 4.8.5, update to a version later than 4.8.5.
For versions 4.9 through 4.9.12, update to a version later than 4.9.12.
For versions 4.10 through 4.10.8, update to a version later than 4.10.8.

If you cannot update immediately, restrict network access to the public API endpoint as a temporary workaround so that only trusted clients (for example, hosts on a management network) can reach it. Because the weakness exposes tokens that are already privileged, also consider whether tokens may have been retrieved before the update was applied and revoke or rotate them where the platform allows.
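The five affected ranges above are easy to misread by hand (4.6.14 is an upper bound with no lower bound, while the other four are bounded branches). The following script, added here as an example and not code from RackN or from the advisory, encodes those ranges and reports whether a given Digital Rebar version string is affected and which version it must be updated past. The version strings in the `__main__` block are constructed samples; the assumption that a pre-release or build suffix (anything after `-` or `+`) can be ignored for range matching is the author's, not the advisory's.

```python
"""Check a RackN Digital Rebar version against the affected ranges
listed for CVE-2022-46383 (PT-2022-27846)."""
import re

# Inclusive (low, high) ranges copied from the advisory.  A low bound of
# None means "every release up to and including high" (4.6.14 and earlier).
AFFECTED_RANGES = [
    (None,        (4, 6, 14)),   # 4.6.14 and earlier
    ((4, 7, 0),   (4, 7, 22)),   # 4.7 through 4.7.22
    ((4, 8, 0),   (4, 8, 5)),    # 4.8 through 4.8.5
    ((4, 9, 0),   (4, 9, 12)),   # 4.9 through 4.9.12
    ((4, 10, 0),  (4, 10, 8)),   # 4.10 through 4.10.8
]

# Accepts "4.10.8", "v4.10.8" and "v4.10.8-tip.1"; the suffix after "-" or "+"
# is ignored (an assumption made for this example, not stated by the advisory).
VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(?:[-+].*)?$")


def parse_version(text):
    """Return (major, minor, patch) for a release string, or raise ValueError."""
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in m.groups())


def is_affected(text):
    """True if the version falls inside any affected range."""
    v = parse_version(text)
    return any((low is None or low <= v) and v <= high
               for low, high in AFFECTED_RANGES)


def update_past(text):
    """For an affected version, return the last affected version of its
    branch as a string (the advisory says to update to anything later than
    it).  Returns None when the version is not affected."""
    v = parse_version(text)
    for low, high in AFFECTED_RANGES:
        if (low is None or low <= v) and v <= high:
            return ".".join(str(n) for n in high)
    return None


if __name__ == "__main__":
    # Constructed sample inputs, not real inventory data.
    for sample in ["v4.3.0", "4.6.14", "4.6.15", "4.7.22", "4.7.23",
                   "v4.10.8-tip.1", "4.10.9", "4.11.0"]:
        if is_affected(sample):
            print(f"{sample:14} AFFECTED  -> update to a version later than {update_past(sample)}")
        else:
            print(f"{sample:14} not in an affected range")
```

Run it as `python3 check_drp_cve_2022_46383.py` (file name is your choice); feed it the version reported by your Digital Rebar endpoint. A version that fails to parse raises rather than silently reporting "not affected", which is the safer failure mode for a triage script.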

Fix

Related Identifiers

CVE-2022-46383

Affected Products

Rackn Digital Rebar