PT-2022-7191 · Dapr · Dapr Dashboard

Andrewgogogoo

Published

2022-10-03

Updated

2024-08-21

CVE-2022-38817

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions Dapr Dashboard versions 0.1.0 through 0.10.0

Description The issue is related to Incorrect Access Control in the Dapr Dashboard, which is associated with a lack of authentication for a critical function. This allows attackers to obtain sensitive data. The exploitation of this issue can enable a remote attacker to impact the confidentiality of protected information.

Recommendations For Dapr Dashboard versions 0.1.0 through 0.10.0, consider disabling critical functions that rely on authentication until a patch is available. Restrict access to sensitive data to minimize the risk of exploitation. Avoid using the Dapr Dashboard until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Missing Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-306

Related Identifiers

BDU:2023-08995

CVE-2022-38817

GHSA-2W6M-Q946-399R

GO-2022-1033

Affected Products

Dapr Dashboard

PT-2022-7191 · Dapr · Dapr Dashboard

CVE-2022-38817

Weakness Enumeration

Related Identifiers

Affected Products

References · 9