CVE-2022-27893
The Foundry Magritte plugin osisoft-pi-web-connector was found to be logging in a manner that captured authentication requests.
Severity Score
4.2
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The Foundry Magritte plugin osisoft-pi-web-connector versions 0.15.0 - 0.43.0 was found to be logging in a manner that captured authentication requests. This vulnerability is resolved in osisoft-pi-web-connector version 0.44.0.
Se descubrió que el complemento Foundry Magritte osissoft-pi-web-connector versiones 0.15.0 - 0.43.0 registraba de una manera que capturaba las solicitudes de autenticación. Esta vulnerabilidad se resuelve en osisoft-pi-web-connector versión 0.44.0.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2022-03-25 CVE Reserved
- 2022-11-04 CVE Published
- 2024-05-27 EPSS Updated
- 2024-09-16 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-532: Insertion of Sensitive Information into Log File
CAPEC
References (1)
| URL | Tag | Source |
|---|---|---|
| https://github.com/palantir/security-bulletins/blob/main/PLTRSEC-2022-03.md | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Osisoft-pi-web-connector Project Search vendor "Osisoft-pi-web-connector Project" | Osisoft-pi-web-connector Search vendor "Osisoft-pi-web-connector Project" for product "Osisoft-pi-web-connector" | >= 0.15.0 < 0.44.0 Search vendor "Osisoft-pi-web-connector Project" for product "Osisoft-pi-web-connector" and version " >= 0.15.0 < 0.44.0" | foundry_magritte |
Affected
| ||||||