CVE-2022-25568
HIGH 7.5 | EPSS 85.3% | MotionEye allows attackers to access sensitive information
Published: 2022/3/25 | Modified: 2024/11/22
Description
MotionEye v0.42.1 and below allows attackers to access sensitive information via a GET request to /config/list. To exploit this vulnerability, a regular user password must be unconfigured.
Affected packages (2)
- PyPI/motioneye: from 0, < 0.43.1b1
- PyPI/motioneye: from 0, < 0.43.1b1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
References (7)
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2022-25568
- PATCH: https://github.com/motioneye-project/motioneye
- WEB: https://github.com/ccrisan/motioneye/issues/2292
- WEB: https://github.com/motioneye-project/motioneye/commit/c60b64af5bb8c09189071522a1f6796cb44340b0
- WEB: https://github.com/pypa/advisory-database/tree/main/vulns/motioneye/PYSEC-2022-43141.yaml
- WEB: https://www.pizzapower.me/2022/02/17/motioneye-config-info-disclosure
- WEB: https://www.pizzapower.me/2022/02/17/motioneye-config-info-disclosure/