Information Disclosure in Nessus by Tenable
CVE-2022-33757

6.5MEDIUM

Key Information:

Vendor: Tenable, Inc.
Status: Tenable Nessus
Vendor: CVE Published:; 25 October 2022

🔔 Create Tenable, Inc. Vulnerability Alert

What is CVE-2022-33757?

An authenticated attacker can exploit a flaw in Nessus allowing access to sensitive debug log file attachments via the web interface, without the necessary permissions. This breach could result in the unauthorized disclosure of sensitive information regarding the scan targets and configurations, posing significant risks to user privacy and operational security.

Affected Version(s)

Tenable Nessus 0 < 10.2.0

References

https://www.tenable.com/security/tns-2022-11

vendor-advisory

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 25, 2022
Vulnerability Reserved
Jun 15, 2022