logo

Database

Business information leak In motioneye

Description

MotionEye allows attackers to access sensitive information MotionEye v0.42.1 and below allows attackers to access sensitive information via a GET request to /config/list. To exploit this vulnerability, a regular user password must be unconfigured.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2022-255682. NVD-2022-255683. OSV-2022-255684. GCVE-2022-25568

References

1. https://github.com/ccrisan/motioneye/issues/22922. https://github.com/motioneye-project/motioneye/commit/c60b64af5bb8c09189071522a1f6796cb44340b03. https://github.com/pypa/advisory-database/tree/main/vulns/motioneye/PYSEC-2022-43141.yaml4. https://www.pizzapower.me/2022/02/17/motioneye-config-info-disclosure5. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2022/CVE-2022-25568.yaml

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.

FLAT-MW2JB – Vulnerability | Fluid Attacks Database