Vulnerabilities > CVE-2022-44009 - Missing Authorization vulnerability in Stackstorm 3.7.0

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

stackstorm

CWE-862

NVD

Published: 2022-12-06

Updated: 2022-12-07

Summary

Improper access control in Key-Value RBAC in StackStorm version 3.7.0 didn't check the permissions in Jinja filters, allowing attackers to access K/V pairs of other users, potentially leading to the exposure of sensitive Information.

Vulnerable Configurations

Part	Description	Count
Application	Stackstorm Stackstorm Stackstorm 3.7.0	1

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

References

https://stackstorm.com/2022/12/v3-8-0-released/