Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-39289

ZoneMinder is a free, open source Closed-circuit television software application. In affected versions the ZoneMinder API Exposes Database Log contents to user without privileges, allows insertion, modification, deletion of logs without System Privileges. Users are advised yo upgrade as soon as possible. Users unable to upgrade should disable database logging.

Published

2022-10-07T21:15:11.553

Last Modified

2024-11-21T07:17:57.980

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 9.1 (CRITICAL)

Weaknesses

Type: Secondary
CWE-200
CWE-287
Type: Primary
CWE-862

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	zoneminder	zoneminder	≤ 1.36.27	Yes
Application	zoneminder	zoneminder	< 1.37.24	Yes

References

https://github.com/ZoneMinder/zoneminder/commit/34ffd92bf123070cab6c83ad4cfe6297dd0ed0b4 Patch, Third Party Advisory ([email protected])
https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-mpcx-3gvh-9488 Exploit, Patch, Third Party Advisory ([email protected])
https://github.com/ZoneMinder/zoneminder/commit/34ffd92bf123070cab6c83ad4cfe6297dd0ed0b4 Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-mpcx-3gvh-9488 Exploit, Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)