Vulnerability Description
A Protection Mechanism Failure vulnerability in the REST API of Juniper Networks Contrail Service Orchestration allows one tenant on the system to view confidential configuration details of another tenant on the same system. By utilizing the REST API, one tenant is able to obtain information on another tenant's firewall configuration and access control policies, as well as other sensitive information, exposing the tenant to reduced defense against malicious attacks or exploitation via additional undetermined vulnerabilities. This issue affects Juniper Networks Contrail Service Orchestration versions prior to 6.1.0 Patch 3.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Juniper | Contrail Service Orchestration | <= 6.0.0 |
Related Weaknesses (CWE)
References
- https://kb.juniper.net/JSA11260Vendor Advisory
- https://kb.juniper.net/JSA11260Vendor Advisory
FAQ
What is CVE-2022-22152?
CVE-2022-22152 is a vulnerability with a CVSS score of 7.7 (HIGH). A Protection Mechanism Failure vulnerability in the REST API of Juniper Networks Contrail Service Orchestration allows one tenant on the system to view confidential configuration details of another te...
How severe is CVE-2022-22152?
CVE-2022-22152 has been rated HIGH with a CVSS base score of 7.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-22152?
Check the references section above for vendor advisories and patch information. Affected products include: Juniper Contrail Service Orchestration.