Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-33757

An authenticated attacker could read Nessus Debug Log file attachments from the web UI without having the correct privileges to do so. This may lead to the disclosure of information on the scan target and/or the Nessus scan to unauthorized parties able to reach the Nessus instance.

Published

2022-10-25T17:15:53.377

Last Modified

2025-05-07T14:15:31.673

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

Weaknesses

Type: Primary
NVD-CWE-noinfo
Type: Secondary
CWE-284

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	tenable	nessus	< 10.2.0	Yes

References

https://www.tenable.com/security/tns-2022-11 Vendor Advisory ([email protected])
https://www.tenable.com/security/tns-2022-11 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)