CVE-2022-37298: Missing Authentication for Critical Function

October 20, 2022 (updated October 22, 2022)

Shinken Solutions Shinken Monitoring Version 2.4.3 affected is vulnerable to Incorrect Access Control. The SafeUnpickler class found in shinken/safepickle.py implements a weak authentication scheme when unserializing objects passed from monitoring nodes to the Shinken monitoring server.

References

github.com/advisories/GHSA-p373-jqfm-j6wr
github.com/dbyio/cve-2022-37298
github.com/naparuba/shinken/commit/2dae40fd1e713aec9e1966a0ab7a580b9180cff2
nvd.nist.gov/vuln/detail/CVE-2022-37298

Code Behaviors & Features

Detect and mitigate CVE-2022-37298 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →