Vulnerability Monitor

CVE-2022-22152


A Protection Mechanism Failure vulnerability in the REST API of Juniper Networks Contrail Service Orchestration allows one tenant on the system to view confidential configuration details of another tenant on the same system. By utilizing the REST API, one tenant is able to obtain information on another tenant's firewall configuration and access control policies, as well as other sensitive information, exposing the tenant to reduced defense against malicious attacks or exploitation via additional undetermined vulnerabilities. This issue affects Juniper Networks Contrail Service Orchestration versions prior to 6.1.0 Patch 3.


Published

2022-01-19T01:15:08.133

Last Modified

2024-11-21T06:46:15.810

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.7 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:P/I:N/A:N

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: SINGLE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: NONE
  • Availability Impact: NONE

Exploitability Score

8.0

Impact Score

2.9

Weaknesses
  • Type: Primary
    CWE-693

Affected Vendors & Products

| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | juniper | contrail_service_orchestration | ≤ 6.0.0 | Yes |
| Application | juniper | contrail_service_orchestration | 6.1.0 | Yes |
| Application | juniper | contrail_service_orchestration | 6.1.0 | Yes |
| Application | juniper | contrail_service_orchestration | 6.1.0 | Yes |
