QwikSec

Security Database

CVE

CWE

Training

CVE-2022-22733

Published: Jan 20, 2022

Modified: Aug 3, 2024

PUBLISHED

Description

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache ShardingSphere ElasticJob-UI allows an attacker who has guest account to do privilege escalation. This issue affects Apache ShardingSphere ElasticJob-UI Apache ShardingSphere ElasticJob-UI 3.x version 3.0.0 and prior versions.

Vendor	Product	Versions
Apache Software Foundation	Apache ShardingSphere ElasticJob-UI	affected `Apache ShardingSphere ElasticJob-UI 3.x - <= 3.0.0`

Weaknesses (CWE)

References

https://lists.apache.org/thread/qpdsm936n9bhksb0rzn6bq1h7ord2nm6

x_refsource_MISC

[oss-security] 20220120 CVE-2022-22733: Apache ShardingSphere ElasticJob-UI: Access-Token in ElasticJob UI causes password disclosure

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.