CVE-2022-39337 – Permission bypass due to incorrect configuration in github.com/dromara/hertzbeat

https://notcve.org/view.php?id=CVE-2022-39337

Hertzbeat is an open source, real-time monitoring system with custom-monitoring, high performance cluster, prometheus-like and agentless. Hertzbeat versions 1.20 and prior have a permission bypass vulnerability. System authentication can be bypassed and invoke interfaces without authorization. Version 1.2.1 contains a patch for this issue. Hertzbeat es un sistema de monitoreo en tiempo real de código abierto con monitoreo personalizado, clúster de alto rendimiento, similar a Prometheus y sin agentes. • https://github.com/dromara/hertzbeat/commit/ac5970c6ceb64fafe237fc895243df5f21e40876 https://github.com/dromara/hertzbeat/issues/377 https://github.com/dromara/hertzbeat/pull/382 https://github.com/dromara/hertzbeat/security/advisories/GHSA-434f-f5cw-3rj6 • CWE-284: Improper Access Control CWE-863: Incorrect Authorization •