CVE-2022-26563: Incorrect Authorization in Monit

Severity: 8.8 HIGH (NVD)
EPSS: 0.6% (top 29.69%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jul 18; latest update Jan 9

Description

An issue was discovered in Tildeslash Monit before 5.31.0 that allows remote attackers to gain escalated privileges due to improper PAM authorization.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (3 packages)

NVD: tildeslash/monit < 5.31.0
Debian: tildeslash/monit < 1:5.32.0-1+2
debian: debian/monit < monit 1:5.32.0-1 (bookworm)

Patches

🔴 Vulnerability Details (2)

GHSA: GHSA-23pc-hgf6-6wwr: An issue was discovered in Tildeslash Monit before 5... (2023-07-18)
OSV: CVE-2022-26563: An issue was discovered in Tildeslash Monit before 5... (2023-07-18)

📋 Vendor Advisories (2)

Ubuntu: Monit vulnerability (2024-01-09)
Debian: CVE-2022-26563: monit - An issue was discovered in Tildeslash Monit before 5.31.0, allows remote attacke... (2022)

🕵️ Threat Intelligence (2)

Wiz: CVE-2020-36968 Impact, Exploitability, and Mitigation Steps | Wiz
Wiz: CVE-2020-36969 Impact, Exploitability, and Mitigation Steps | Wiz