CVE-2022-31066

Published: 14/06/2022 Updated: 23/06/2022

CVSS v2 Base Score: 3.6 | Impact Score: 4.9 | Exploitability Score: 3.9

CVSS v3 Base Score: 4.4 | Impact Score: 2.5 | Exploitability Score: 1.8

VMScore: 320

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:N

EdgeX Foundry is an open source project for building a common open framework for Internet of Things edge computing. Prior to version 2.1.1, the /api/v2/config endpoint exposes message bus credentials to local unauthenticated users. In security-enabled mode, message bus credentials are supposed to be kept in the EdgeX secret store and require authentication to access. This vulnerability bypasses the access controls on message bus credentials when running in security-enabled mode. (No credentials are required when running in security-disabled mode.) As a result, attackers could intercept data or inject fake data into the EdgeX message bus. Users should upgrade to EdgeXFoundry Kamakura release (2.2.0) or to the June 2022 EdgeXFoundry LTS Jakarta release (2.1.1) to receive a patch. More information about which go modules, docker containers, and snaps contain patches is available in the GitHub Security Advisory. There are currently no known workarounds for this issue.

Vulnerable Product	Search on Vulmon	Subscribe to Product
edgexfoundry edgex foundry

NVD-CWE-noinfo https://github.com/edgexfoundry/edgex-go/pull/4016 https://github.com/edgexfoundry/edgex-go/security/advisories/GHSA-g63h-q855-vp3q https://github.com/edgexfoundry/device-sdk-go/pull/1161 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2022-31066

Vulnerability Summary

Vulnerability Trend

References

Vulmon Search

About

Products

Connect