CVE-2022-38359 - Vulnerability Details - OpenCVE

Cross-site request forgery attacks can be carried out against the Eyes of Network web application, due to an absence of adequate protections. An attacker can, for instance, delete the admin user by directing an authenticated user to the URL https://<target-address>/module/admin_user/index.php?DataTables_Table_0_length=10&user_selected%5B%5D=1&user_mgt_list=delete_user&action=submit by means of a crafted link.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Eyeofnetwork	Eyes Of Network Web

Configuration 1 [-]

cpe:2.3:a:eyeofnetwork:eyes_of_network_web:5.3:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.tenable.com/security/research/tra-2022-29

History

No history.

MITRE

Status: PUBLISHED

Assigner: tenable

Published: 2022-08-15T22:05:17

Updated: 2024-08-03T10:54:03.294Z

Reserved: 2022-08-15T00:00:00

Link: CVE-2022-38359

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-08-15T23:15:09.637

Modified: 2024-11-21T07:16:19.600

Link: CVE-2022-38359

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Eyes of Network", "vendor": "n/a", "versions": [{"status": "affected", "version": "5.3"}]}], "descriptions": [{"lang": "en", "value": "Cross-site request forgery attacks can be carried out against the Eyes of Network web application, due to an absence of adequate protections. An attacker can, for instance, delete the admin user by directing an authenticated user to the URL https://<target-address>/module/admin_user/index.php?DataTables_Table_0_length=10&user_selected%5B%5D=1&user_mgt_list=delete_user&action=submit by means of a crafted link."}], "problemTypes": [{"descriptions": [{"description": "Cross-Site Request Forgery (CSRF)", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-08-15T22:05:17", "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "shortName": "tenable"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.tenable.com/security/research/tra-2022-29"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "vulnreport@tenable.com", "ID": "CVE-2022-38359", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Eyes of Network", "version": {"version_data": [{"version_value": "5.3"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross-site request forgery attacks can be carried out against the Eyes of Network web application, due to an absence of adequate protections. An attacker can, for instance, delete the admin user by directing an authenticated user to the URL https://<target-address>/module/admin_user/index.php?DataTables_Table_0_length=10&user_selected%5B%5D=1&user_mgt_list=delete_user&action=submit by means of a crafted link."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Cross-Site Request Forgery (CSRF)"}]}]}, "references": {"reference_data": [{"name": "https://www.tenable.com/security/research/tra-2022-29", "refsource": "MISC", "url": "https://www.tenable.com/security/research/tra-2022-29"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T10:54:03.294Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.tenable.com/security/research/tra-2022-29"}]}]}, "cveMetadata": {"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "assignerShortName": "tenable", "cveId": "CVE-2022-38359", "datePublished": "2022-08-15T22:05:17", "dateReserved": "2022-08-15T00:00:00", "dateUpdated": "2024-08-03T10:54:03.294Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:eyeofnetwork:eyes_of_network_web:5.3:*:*:*:*:*:*:*", "matchCriteriaId": "C8236949-31F7-4A05-872D-01453F608A21", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Cross-site request forgery attacks can be carried out against the Eyes of Network web application, due to an absence of adequate protections. An attacker can, for instance, delete the admin user by directing an authenticated user to the URL https://<target-address>/module/admin_user/index.php?DataTables_Table_0_length=10&user_selected%5B%5D=1&user_mgt_list=delete_user&action=submit by means of a crafted link."}, {"lang": "es", "value": "Pueden realizarse ataques de tipo cross-site request forgery contra la aplicaci\u00f3n web Eyes of Network, debido a la ausencia de protecciones adecuadas. Un atacante puede, por ejemplo, eliminar el usuario administrador dirigiendo a un usuario autenticado a la URL https://(target-address)/module/admin_user/index.php?DataTables_Table_0_length=10&user_selected%5B%5D=1&user_mgt_list=delete_user&action=submit mediante un enlace dise\u00f1ado."}], "id": "CVE-2022-38359", "lastModified": "2024-11-21T07:16:19.600", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-08-15T23:15:09.637", "references": [{"source": "vulnreport@tenable.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.tenable.com/security/research/tra-2022-29"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.tenable.com/security/research/tra-2022-29"}], "sourceIdentifier": "vulnreport@tenable.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "nvd@nist.gov", "type": "Primary"}]}