CVE-2022-29071Sensitive Information Exposure in Cloudvision Portal

CWE-200Sensitive Information ExposureCWE-532Log File Information Exposure3 documents3 sources
Severity
5.5MEDIUMNVD
CNA4.0
EPSS
0.0%
top 84.82%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Arista Cloudvision PortalArista Networks Cloudvision Portal
Timeline
PublishedAug 5
Latest updateAug 6

Description

This advisory documents an internally found vulnerability in the on premises deployment model of Arista CloudVision Portal (CVP) where under a certain set of conditions, user passwords can be leaked in the Audit and System logs. The impact of this vulnerability is that the CVP user login passwords might be leaked to other authenticated users.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

NVDarista/cloudvision_portal2020.2.02022.1.0
CVEListV5arista_networks/cloudvision_portal5 versions+4

🔴Vulnerability Details

2
GHSA
GHSA-73jx-2vf6-7ffj: This advisory documents an internally found vulnerability in the on premises deployment model of Arista CloudVision Portal (CVP) where under a certain2022-08-06
CVEList
This advisory documents an internally found vulnerability in the on premises deployment model of Arista CloudVision Portal (CVP) where under a certain set of conditions, user passwords can be leaked i2022-08-05
CVE-2022-29071 — Sensitive Information Exposure | cvebase