CVE-2022-46382 Information
Dec 09, 2022
cve
Description
RackN Digital Rebar through 4.6.14, 4.7 through 4.7.22, 4.8 through 4.8.5, 4.9 through 4.9.12, and 4.10 through 4.10.8 has Insecure Permissions. After signing into Digital Rebar, users are issued authentication tokens tied to their account to perform actions within Digital Rebar. During the validation process of these tokens, Digital Rebar did not check if the user account still exists. Deleted Digital Rebar users could still use their tokens to perform actions within Digital Rebar.
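The flaw described above, shown as a generic token validator with and without the account-existence check. This is an added illustration, not Digital Rebar code; the HMAC token format, `SECRET`, `USERS` and all function names are constructed assumptions.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-key"        # constructed signing key (assumption)
USERS = {"alice": {"role": "admin"}}    # constructed stand-in for the user store

def issue_token(user, ttl=3600, now=None):
    """Sign a claims payload naming the account and an expiry time."""
    now = time.time() if now is None else now
    body = base64.urlsafe_b64encode(json.dumps({"sub": user, "exp": now + ttl}).encode())
    sig = hmac.new(SECRET, body, hashlib.sha256).hexdigest().encode()
    return (body + b"." + sig).decode()

def _verified_claims(token, now=None):
    """Return the claims if signature and expiry are valid, else None."""
    now = time.time() if now is None else now
    try:
        body, sig = token.encode().split(b".")
    except ValueError:
        return None
    expected = hmac.new(SECRET, body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(sig, expected):
        return None
    try:
        claims = json.loads(base64.urlsafe_b64decode(body))
    except ValueError:
        return None
    return claims if claims.get("exp", 0) > now else None

def validate_weak(token, now=None):
    """Flawed pattern: any well-signed, unexpired token is accepted."""
    claims = _verified_claims(token, now)
    return claims["sub"] if claims else None

def validate_strict(token, now=None):
    """Hardened pattern: the account named in the token must still exist."""
    claims = _verified_claims(token, now)
    if claims is None or claims.get("sub") not in USERS:
        return None
    return claims["sub"]

if __name__ == "__main__":
    tok = issue_token("alice")
    del USERS["alice"]                  # account deleted after the token was issued
    print("weak:", validate_weak(tok), "strict:", validate_strict(tok))
```

With the account lookup on every validation, deleting a user takes effect immediately instead of waiting for outstanding tokens to expire.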
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Reference
https://rackn.com/products/rebar/
Attack Complexity
LOW
Privileges Required
LOW
User Interaction Required
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
8.8
Base Severity
HIGH