CVE-2022-33757

Summary

An authenticated attacker could read Nessus Debug Log file attachments from the web UI without having the correct privileges to do so. This may lead to the disclosure of information on the scan target and/or the Nessus scan to unauthorized parties able to reach the Nessus instance.

Affected Software

VendorProductVersion RangeStatus
Tenable, Inc.Tenable Nessus0 < 10.2.0affected

Weaknesses

  • Broken Access Control

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References