CVSS: 9.0EPSS: 0%CPEs: 5EXPL: 0CVE-2022-46382
https://notcve.org/view.php?id=CVE-2022-46382
06 Dec 2022 — RackN Digital Rebar through 4.6.14, 4.7 through 4.7.22, 4.8 through 4.8.5, 4.9 through 4.9.12, and 4.10 through 4.10.8 has Insecure Permissions. After signing into Digital Rebar, users are issued authentication tokens tied to their account to perform actions within Digital Rebar. During the validation process of these tokens, Digital Rebar did not check if the user account still exists. Deleted Digital Rebar users could still use their tokens to perform actions within Digital Rebar. RackN Digital Rebar hast... • https://rackn.com/products/rebar • CWE-276: Incorrect Default Permissions •
CVSS: 10.0EPSS: 0%CPEs: 5EXPL: 0CVE-2022-46383
https://notcve.org/view.php?id=CVE-2022-46383
06 Dec 2022 — RackN Digital Rebar through 4.6.14, 4.7 through 4.7.22, 4.8 through 4.8.5, 4.9 through 4.9.12, and 4.10 through 4.10.8 has exposed a privileged token via a public API endpoint (Incorrect Access Control). The token can be used to escalate privileges within the Digital Rebar system and grant full administrative access. RackN Digital Rebar hasta 4.6.14, 4.7 hasta 4.7.22, 4.8 hasta 4.8.5, 4.9 hasta 4.9.12 y 4.10 hasta 4.10.8 ha expuesto un token privilegiado a través de un endpoint API público (control de acces... • https://docs.rackn.io/en/latest/doc/security/cve_2022_46383.html •