CVE-2022-22733
Published 2022-01-20
Priority: P3 · 54 · medium · 6.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EXPLOIT
EPSS: 20.90% (97.2th percentile)
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache ShardingSphere ElasticJob-UI allows an attacker who has a guest account to perform privilege escalation. This issue affects Apache ShardingSphere ElasticJob-UI 3.x, version 3.0.0 and prior versions.
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | shardingsphere_elasticjob-ui | — | — |
| apache_software_foundation | apache_shardingsphere_elasticjob-ui | Apache ShardingSphere ElasticJob-UI 3.x – 3.0.0 | — |
Detection & IOCs (extracted from sources)
Snort rule (exploit attempt, sid:2056773):
alert http any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS Apache ShardingSphere ElasticJob-UI Privilege Escalation Attempt (CVE-2022-22733)"; flow:established,to_server; flowbits:set,ET.CVE-2022-22733.Attempt; http.method; content:"POST"; http.uri; bsize:10; content:"/api/login"; fast_pattern; http.request_body; content:"|22|username|22 3a 22|guest|22 2c|"; content:"|22|password|22 3a 22|guest|22|"; within:20; reference:url,github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2022/CVE-2022-22733.yaml; reference:cve,2022-22733; classtype:attempted-admin; sid:2056773; rev:1;)
Snort rule (successful exploitation, sid:2056774):
alert http $HOME_NET any -> any any (msg:"ET WEB_SPECIFIC_APPS Apache ShardingSphere ElasticJob-UI Privilege Escalation - Successful Attempt (CVE-2022-22733)"; flow:established,to_client; flowbits:isset,ET.CVE-2022-22733.Attempt; http.stat_code; content:"200"; http.response_body; content:"|22|success|22 3a|true|2c|"; content:"|22|errorCode|22 3a|0|2c|"; within:16; content:"|22|model|22 3a 7b|"; within:11; content:"|22|isGuest|22 3a|true|2c|"; within:20; content:"|22|accessToken|22 3a|"; within:20; content:"|22|eyJyb290VXNlcm5hbWUi"; within:30; fast_pattern; reference:url,github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2022/CVE-2022-22733.yaml; reference:cve,2022-22733; classtype:attempted-admin; sid:2056774; rev:1;)
IOC bytes: |22|eyJyb290VXNlcm5hbWUi
- Exploit attempt: HTTP POST to /api/login with hardcoded guest credentials in the JSON body; the URI must be exactly 10 bytes.
- Successful exploitation: the response contains the JSON fields success:true, errorCode:0, isGuest:true, and an accessToken starting with eyJyb290VXNlcm5hbWUi (base64 JWT prefix).
- The Nuclei template matcher checks an HTTP 200 response body for '"success":true', '"isGuest":true', and '"accessToken":' simultaneously.
- Asset discovery: identify exposed ElasticJob-UI instances via Shodan favicon hash 816588900 or FOFA icon_hash=816588900.
- Both Snort/ET rules are marked tls_state plaintext: detection will NOT fire on TLS-encrypted traffic; deploy SSL inspection for full coverage.
- The vulnerability affects only Apache ShardingSphere ElasticJob-UI 3.x up to and including version 3.0.0.
CVSS provenance
NVD v3.1: 6.5 MEDIUM · CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
NVD v2.0: 4.0 MEDIUM · AV:N/AC:L/Au:S/C:P/I:N/A:N
Suricata
ET WEB_SPECIFIC_APPS Apache ShardingSphere ElasticJob-UI Privilege Escalation - Successful Attempt (CVE-2022-22733)
suricata · 2024-10-22 · CVSS 6.5 [MEDIUM]
Rule: see the complete rule text (sid:2056774) under Detection & IOCs above.
Suricata
ET WEB_SPECIFIC_APPS Apache ShardingSphere ElasticJob-UI Privilege Escalation Attempt (CVE-2022-22733)
suricata · 2024-10-22 · CVSS 6.5 [MEDIUM]
Rule: alert http any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS Apache ShardingSphere ElasticJob-UI Privilege Escalation Attempt (CVE-2022-22733)"; flow:established,to_server; flowbits:set,ET.CVE-2022-22733.Attempt; http.method; content:"POST"; http.uri; bsize:10; content:"/api/login"; fast_pattern; http.request_body; content:"|22|username|22 3a 22|guest|22 2c|"; content:"|22|password|22 3a 22|guest|22|"; within:20; reference:url,github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2022/CVE-2022-22733.yaml; reference:cve,2022-22733; classtype:attempted-admin; sid:2056773; rev:1; metadata:affected_product Apache_ShardingSphere, attack_target Web_Server, tls_state plaintex
Nuclei
Apache ShardingSphere ElasticJob-UI privilege escalation
nuclei · CVSS 6.5 [MEDIUM]
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache ShardingSphere ElasticJob-UI allows an attacker who has a guest account to perform privilege escalation. This issue affects Apache ShardingSphere ElasticJob-UI 3.x, version 3.0.0 and prior versions.
Template:
id: CVE-2022-22733
info:
  name: Apache ShardingSphere ElasticJob-UI privilege escalation
  author: Zeyad Azima
  severity: medium
  description: |
    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache ShardingSphere ElasticJob-UI allows an attacker who has guest account to do privilege escalation. This issue affects Apache ShardingSphere ElasticJob-UI Apache ShardingSphere ElasticJob-UI 3.x ver
No writeups or analysis indexed.