Vulnerability Description
ZoneMinder is a free, open source Closed-circuit television software application. In affected versions the ZoneMinder API Exposes Database Log contents to user without privileges, allows insertion, modification, deletion of logs without System Privileges. Users are advised yo upgrade as soon as possible. Users unable to upgrade should disable database logging.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Zoneminder | Zoneminder | <= 1.36.27 |
Related Weaknesses (CWE)
References
- https://github.com/ZoneMinder/zoneminder/commit/34ffd92bf123070cab6c83ad4cfe6297PatchThird Party Advisory
- https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-mpcx-3gvh-9488ExploitPatchThird Party Advisory
- https://github.com/ZoneMinder/zoneminder/commit/34ffd92bf123070cab6c83ad4cfe6297PatchThird Party Advisory
- https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-mpcx-3gvh-9488ExploitPatchThird Party Advisory
FAQ
What is CVE-2022-39289?
CVE-2022-39289 is a vulnerability with a CVSS score of 9.1 (CRITICAL). ZoneMinder is a free, open source Closed-circuit television software application. In affected versions the ZoneMinder API Exposes Database Log contents to user without privileges, allows insertion, mo...
How severe is CVE-2022-39289?
CVE-2022-39289 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2022-39289?
Check the references section above for vendor advisories and patch information. Affected products include: Zoneminder Zoneminder.