Unauthorized Data Disclosure in Agent and Cluster Node Linking for Specific Vendor Products
CVE-2022-3499

6.5MEDIUM

Key Information:

Vendor: Tenable
Status: Tenable Nessus
Vendor: CVE Published:; 31 October 2022

What is CVE-2022-3499?

An authenticated attacker could exploit a flaw in the handling of agent and cluster node linking keys. This vulnerability allows for the potential unauthorized disclosure of sensitive agent logs and data, impacting the integrity and confidentiality of the information managed within the affected Tenable products.

Affected Version(s)

Tenable Nessus 10.3.1 and earlier

References

https://www.tenable.com/security/tns-2022-21

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 31, 2022
Vulnerability Reserved
Oct 13, 2022