CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-46382
https://notcve.org/view.php?id=CVE-2022-46382
RackN Digital Rebar through 4.6.14, 4.7 through 4.7.22, 4.8 through 4.8.5, 4.9 through 4.9.12, and 4.10 through 4.10.8 has Insecure Permissions. After signing into Digital Rebar, users are issued authentication tokens tied to their account to perform actions within Digital Rebar. During the validation process of these tokens, Digital Rebar did not check if the user account still exists. Deleted Digital Rebar users could still use their tokens to perform actions within Digital Rebar. RackN Digital Rebar hasta 4.6.14, 4.7 hasta 4.7.22, 4.8 hasta 4.8.5, 4.9 hasta 4.9.12 y 4.10 hasta 4.10.8 tiene permisos inseguros. • https://rackn.com/products/rebar • CWE-276: Incorrect Default Permissions •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-46383
https://notcve.org/view.php?id=CVE-2022-46383
RackN Digital Rebar through 4.6.14, 4.7 through 4.7.22, 4.8 through 4.8.5, 4.9 through 4.9.12, and 4.10 through 4.10.8 has exposed a privileged token via a public API endpoint (Incorrect Access Control). The token can be used to escalate privileges within the Digital Rebar system and grant full administrative access. RackN Digital Rebar hasta 4.6.14, 4.7 hasta 4.7.22, 4.8 hasta 4.8.5, 4.9 hasta 4.9.12 y 4.10 hasta 4.10.8 ha expuesto un token privilegiado a través de un endpoint API público (control de acceso incorrecto). El token se puede utilizar para escalar privilegios dentro del sistema Digital Rebar y otorgar acceso administrativo completo. • https://docs.rackn.io/en/latest/doc/security/cve_2022_46383.html https://rackn.com/products/rebar •