CVE-2022-33757

CWE-284Improper Access ControlCWE-269Improper Privilege Management3 documents3 sources
Severity
6.5MEDIUM
EPSS
0.2%
top 52.12%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Tenable, Inc. Tenable NessusTenable Nessus
Timeline
PublishedOct 25

Description

An authenticated attacker could read Nessus Debug Log file attachments from the web UI without having the correct privileges to do so. This may lead to the disclosure of information on the scan target and/or the Nessus scan to unauthorized parties able to reach the Nessus instance.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

NVDtenable/nessus< 10.2.0
CVEListV5tenable,_inc./tenable_nessus< 10.2.0

🔴Vulnerability Details

2
GHSA
GHSA-9gvf-7m63-wqh9: An authenticated attacker could read Nessus Debug Log file attachments from the web UI without having the correct privileges to do so2022-10-25
CVEList
CVE-2022-33757: An authenticated attacker could read Nessus Debug Log file attachments from the web UI without having the correct privileges to do so2022-10-24
CVE-2022-33757 (MEDIUM CVSS 6.5) | An authenticated attacker could rea | cvebase.io