CVE-2022-46382

Severity Score

8.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

RackN Digital Rebar through 4.6.14, 4.7 through 4.7.22, 4.8 through 4.8.5, 4.9 through 4.9.12, and 4.10 through 4.10.8 has Insecure Permissions. After signing into Digital Rebar, users are issued authentication tokens tied to their account to perform actions within Digital Rebar. During the validation process of these tokens, Digital Rebar did not check if the user account still exists. Deleted Digital Rebar users could still use their tokens to perform actions within Digital Rebar.

RackN Digital Rebar hasta 4.6.14, 4.7 hasta 4.7.22, 4.8 hasta 4.8.5, 4.9 hasta 4.9.12 y 4.10 hasta 4.10.8 tiene permisos inseguros. Después de iniciar sesión en Digital Rebar, los usuarios reciben tokens de autenticación vinculados a su cuenta para realizar acciones dentro de Digital Rebar. Durante el proceso de validación de estos tokens, Digital Rebar no verificó si la cuenta de usuario aún existe. Los usuarios de Digital Rebar eliminados aún podrían usar sus tokens para realizar acciones dentro de Digital Rebar.

*Credits: N/A

CVSS Scores

NISTv3.1 8.8

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-12-03 CVE Reserved
2022-12-06 CVE Published
2024-06-28 EPSS Updated
2024-08-03 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-276: Incorrect Default Permissions

CAPEC

References (1)

URL	Tag	Source
https://rackn.com/products/rebar	Product

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Rackn Search vendor "Rackn"		Digital Rebar Search vendor "Rackn" for product "Digital Rebar"				<= 4.6.14 Search vendor "Rackn" for product "Digital Rebar" and version " <= 4.6.14"		-		Affected
Rackn Search vendor "Rackn"		Digital Rebar Search vendor "Rackn" for product "Digital Rebar"				>= 4.7 <= 4.7.22 Search vendor "Rackn" for product "Digital Rebar" and version " >= 4.7 <= 4.7.22"		-		Affected
Rackn Search vendor "Rackn"		Digital Rebar Search vendor "Rackn" for product "Digital Rebar"				>= 4.8 <= 4.8.5 Search vendor "Rackn" for product "Digital Rebar" and version " >= 4.8 <= 4.8.5"		-		Affected
Rackn Search vendor "Rackn"		Digital Rebar Search vendor "Rackn" for product "Digital Rebar"				>= 4.9 <= 4.9.12 Search vendor "Rackn" for product "Digital Rebar" and version " >= 4.9 <= 4.9.12"		-		Affected
Rackn Search vendor "Rackn"		Digital Rebar Search vendor "Rackn" for product "Digital Rebar"				>= 4.10 <= 4.10.8 Search vendor "Rackn" for product "Digital Rebar" and version " >= 4.10 <= 4.10.8"		-		Affected