CVE-2022-39289

Summary

ZoneMinder is a free, open source Closed-circuit television software application. In affected versions the ZoneMinder API Exposes Database Log contents to user without privileges, allows insertion, modification, deletion of logs without System Privileges. Users are advised yo upgrade as soon as possible. Users unable to upgrade should disable database logging.

Affected Software

VendorProductVersion RangeStatus
ZoneMinderzoneminder< 1.36.27affected
ZoneMinderzoneminder>= 1.37.0, < 1.37.24affected

Weaknesses

  • CWE-200: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
  • CWE-287: CWE-287: Improper Authentication

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: total

References