CVE-2022-33737Incorrect Ownership Assignment in Access Server

CWE-708Incorrect Ownership AssignmentCWE-532Log File Information Exposure2 documents2 sources
Severity
7.5HIGHNVD
EPSS
0.3%
top 43.12%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Openvpn Access Server
Timeline
PublishedJul 6
Latest updateJul 7

Description

The OpenVPN Access Server installer creates a log file readable for everyone, which from version 2.10.0 and before 2.11.0 may contain a random generated admin password

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

NVDopenvpn/openvpn_access_server2.10.02.11.0
CVEListV5openvpn/openvpn_access_serverfrom version 2.10.0 and before 2.11.0

🔴Vulnerability Details

1
GHSA
GHSA-4w83-67r9-g2c5: The OpenVPN Access Server installer creates a log file readable for everyone, which from version 22022-07-07
CVE-2022-33737 — Incorrect Ownership Assignment | cvebase