Access-Token in ElasticJob UI causes password disclosure
CVE-2022-22733

6.5MEDIUM

Key Information:

Vendor: Apache
Status: Apache Shardingsphere Elasticjob-ui
Vendor: CVE Published:; 20 January 2022

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 27%

Summary

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache ShardingSphere ElasticJob-UI allows an attacker who has guest account to do privilege escalation. This issue affects Apache ShardingSphere ElasticJob-UI Apache ShardingSphere ElasticJob-UI 3.x version 3.0.0 and prior versions.

Affected Version(s)

Apache ShardingSphere ElasticJob-UI Apache ShardingSphere ElasticJob-UI 3.x <= 3.0.0

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2022-22733
Created by Zeyad-Azima

References

https://lists.apache.org/thread/qpdsm936n9bhksb0rzn6bq1h7...

x_refsource_MISC

http://www.openwall.com/lists/oss-security/2022/01/20/2

mailing-listx_refsource_MLIST

EPSS Score

27% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

🟡
Public PoC available
Apr 25, 2023
👾
Exploit known to exist
Apr 25, 2023
Vulnerability published
Jan 20, 2022
Vulnerability Reserved
Jan 7, 2022