Vulnerability Description
Hertzbeat is an open source, real-time monitoring system that offers custom monitoring and high-performance clustering, and is Prometheus-like and agentless. Hertzbeat versions 1.20 and prior have a permission bypass vulnerability: system authentication can be bypassed and interfaces invoked without authorization. Version 1.2.1 contains a patch for this issue.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Hertzbeat | < 1.2.1 |
Related Weaknesses (CWE)
References
- https://github.com/dromara/hertzbeat/commit/ac5970c6ceb64fafe237fc895243df5f21e4 (Patch)
- https://github.com/dromara/hertzbeat/issues/377 (Exploit, Issue Tracking)
- https://github.com/dromara/hertzbeat/pull/382 (Issue Tracking, Patch)
- https://github.com/dromara/hertzbeat/security/advisories/GHSA-434f-f5cw-3rj6 (Vendor Advisory)
FAQ
What is CVE-2022-39337?
CVE-2022-39337 is a vulnerability with a CVSS score of 7.5 (HIGH). Hertzbeat is an open source, real-time monitoring system with custom-monitoring, high performance cluster, prometheus-like and agentless. Hertzbeat versions 1.20 and prior have a permission bypass vul...
How severe is CVE-2022-39337?
CVE-2022-39337 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2022-39337?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Hertzbeat.