CVE-2022-46383 - OpenCVE

RackN Digital Rebar through 4.6.14, 4.7 through 4.7.22, 4.8 through 4.8.5, 4.9 through 4.9.12, and 4.10 through 4.10.8 has exposed a privileged token via a public API endpoint (Incorrect Access Control). The token can be used to escalate privileges within the Digital Rebar system and grant full administrative access.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Rackn	Digital Rebar

Configuration 1 [-]

OR	cpe:2.3:a:rackn:digital_rebar::::::::
	cpe:2.3:a:rackn:digital_rebar::::::::
	cpe:2.3:a:rackn:digital_rebar::::::::
	cpe:2.3:a:rackn:digital_rebar::::::::
	cpe:2.3:a:rackn:digital_rebar::::::::

No data.

References

Link	Providers
https://docs.rackn.io/en/latest/doc/security/cve_2022_46383.html
https://rackn.com/products/rebar/

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2022-12-06T00:00:00

Updated: 2024-08-03T14:31:46.319Z

Reserved: 2022-12-03T00:00:00

Link: CVE-2022-46383

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-12-06T15:15:15.967

Modified: 2022-12-08T16:53:04.747

Link: CVE-2022-46383

Redhat

No data.

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:rackn:digital_rebar:*:*:*:*:*:*:*:*", "matchCriteriaId": "38C8E8E4-2D51-42EF-A948-1AF6CE7D212A", "versionEndIncluding": "4.6.14", "vulnerable": true}, {"criteria": "cpe:2.3:a:rackn:digital_rebar:*:*:*:*:*:*:*:*", "matchCriteriaId": "05A73545-E0D5-4071-B09A-DBD5B37228E5", "versionEndIncluding": "4.7.22", "versionStartIncluding": "4.7", "vulnerable": true}, {"criteria": "cpe:2.3:a:rackn:digital_rebar:*:*:*:*:*:*:*:*", "matchCriteriaId": "93D773DA-CD98-4C60-A416-0C604785C509", "versionEndIncluding": "4.8.5", "versionStartIncluding": "4.8", "vulnerable": true}, {"criteria": "cpe:2.3:a:rackn:digital_rebar:*:*:*:*:*:*:*:*", "matchCriteriaId": "0F1B5E66-535C-489E-9549-7ED84E1F913B", "versionEndIncluding": "4.9.12", "versionStartIncluding": "4.9", "vulnerable": true}, {"criteria": "cpe:2.3:a:rackn:digital_rebar:*:*:*:*:*:*:*:*", "matchCriteriaId": "03441E81-8A51-4813-B46C-E43B2C60764D", "versionEndIncluding": "4.10.8", "versionStartIncluding": "4.10", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "RackN Digital Rebar through 4.6.14, 4.7 through 4.7.22, 4.8 through 4.8.5, 4.9 through 4.9.12, and 4.10 through 4.10.8 has exposed a privileged token via a public API endpoint (Incorrect Access Control). The token can be used to escalate privileges within the Digital Rebar system and grant full administrative access."}, {"lang": "es", "value": "RackN Digital Rebar hasta 4.6.14, 4.7 hasta 4.7.22, 4.8 hasta 4.8.5, 4.9 hasta 4.9.12 y 4.10 hasta 4.10.8 ha expuesto un token privilegiado a trav\u00e9s de un endpoint API p\u00fablico (control de acceso incorrecto). El token se puede utilizar para escalar privilegios dentro del sistema Digital Rebar y otorgar acceso administrativo completo."}], "id": "CVE-2022-46383", "lastModified": "2022-12-08T16:53:04.747", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-12-06T15:15:15.967", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://docs.rackn.io/en/latest/doc/security/cve_2022_46383.html"}, {"source": "cve@mitre.org", "tags": ["Product", "Vendor Advisory"], "url": "https://rackn.com/products/rebar/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}