Vulnerability-Lookup - Search a vulnerability

All the vulnerabilites related to Tenable, Inc. - Tenable Nessus

cve-2022-33757

Vulnerability from cvelistv5

Published

2022-10-24 21:12

Modified

2024-08-03 08:09

Severity ?

Summary

An authenticated attacker could read Nessus Debug Log file attachments from the web UI without having the correct privileges to do so. This may lead to the disclosure of information on the scan target and/or the Nessus scan to unauthorized parties able to reach the Nessus instance.

References

▼	URL	Tags
	https://www.tenable.com/security/tns-2022-11	vendor-advisory

Impacted products

Vendor

Product

Version

▼

Tenable, Inc.

Tenable Nessus

Version: 0 < 10.2.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T08:09:22.638Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2022-11"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Tenable Nessus",
          "vendor": "Tenable, Inc.",
          "versions": [
            {
              "lessThan": "10.2.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An authenticated attacker could read Nessus Debug Log file attachments from the web UI without having the correct privileges to do so. This may lead to the disclosure of information on the scan target and/or the Nessus scan to unauthorized parties able to reach the Nessus instance."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Broken Access Control",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-24T21:12:00",
        "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
        "shortName": "tenable"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.tenable.com/security/tns-2022-11"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
    "assignerShortName": "tenable",
    "cveId": "CVE-2022-33757",
    "datePublished": "2022-10-24T21:12:00",
    "dateReserved": "2022-06-15T00:00:00",
    "dateUpdated": "2024-08-03T08:09:22.638Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}