Exposed Auth Token in Dell EMC CloudLink Leading to Unauthorized Access
CVE-2022-24414

7.6HIGH

Key Information:

Vendor: Dell
Status: ClouD-Link
Vendor: CVE Published:; 26 May 2022

What is CVE-2022-24414?

Dell EMC CloudLink versions 7.1.3 and earlier are susceptible to a vulnerability where authentication tokens are exposed through GET request parameters. This exposure can lead to sensitive token information being logged in reverse proxies and server logs, making it possible for attackers to intercept these tokens. The presence of these tokens in the request URLs poses a significant security risk, as they may be utilized to gain unauthorized access to the CloudLink server. It is crucial for users of affected versions to implement secure practices and refrain from using tokens in request URLs to mitigate potential exploits.

Affected Version(s)

CloudLink < 7.1.3

References

https://www.dell.com/support/kbdoc/en-us/000197425/dsa-20...

x_refsource_MISC

CVSS V3.1

Score:

7.6

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 26, 2022
Vulnerability Reserved
Feb 4, 2022