CVE-2022-33757

CVSS 6.5 MEDIUMEPSS 0.8%CWE-284

Vexday Risk Score

13Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 6.5EPSS 0.8%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Lifecycle

24 Oct 2022Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

An authenticated attacker could read Nessus Debug Log file attachments from the web UI without having the correct privileges to do so. This may lead to the disclosure of information on the scan target and/or the Nessus scan to unauthorized parties able to reach the Nessus instance.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected products

Tenable, Inc. · Tenable Nessus

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.tenable.com/security/tns-2022-11