CVE-2022-29071
This advisory documents an internally found vulnerability in the on premises deployment model of Arista CloudVision Portal (CVP) where under a certain set of conditions, user passwords can be leaked in the Audit and System logs. The impact of this vu ...
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
This advisory documents an internally found vulnerability in the on premises deployment model of Arista CloudVision Portal (CVP) where under a certain set of conditions, user passwords can be leaked in the Audit and System logs. The impact of this vulnerability is that the CVP user login passwords might be leaked to other authenticated users.
Este aviso documenta una vulnerabilidad encontrada internamente en el modelo de despliegue on premises de Arista CloudVision Portal (CVP) en el que, bajo un determinado conjunto de condiciones, las contraseñas de los usuarios pueden filtrarse en los registros de auditoría y del sistema. El impacto de esta vulnerabilidad es que las contraseñas de inicio de sesión de los usuarios de CVP podrían filtrarse a otros usuarios autenticados
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-04-11 CVE Reserved
- 2022-08-05 CVE Published
- 2024-02-16 EPSS Updated
- 2024-09-16 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
- CWE-532: Insertion of Sensitive Information into Log File
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Arista Search vendor "Arista" | Cloudvision Portal Search vendor "Arista" for product "Cloudvision Portal" | >= 2020.2.0 <= 2022.1.0 Search vendor "Arista" for product "Cloudvision Portal" and version " >= 2020.2.0 <= 2022.1.0" | - |
Affected
|