CVE-2022-28802
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2022-28802
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Code by Zapier before 2022-08-17 allowed intra-account privilege escalation that included execution of Python or JavaScript code. In other words, Code by Zapier was providing a customer-controlled general-purpose virtual machine that unintentionally granted full access to all users of a company's account, but was supposed to enforce role-based access control within that company's account. Before 2022-08-17, a customer could have resolved this by (in effect) using a separate virtual machine for an application that held credentials - or other secrets - that weren't supposed to be shared among all of its employees. (Multiple accounts would have been needed to operate these independent virtual machines.)
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Zapier 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Zapier是美国Zapier公司的一种产品。允许最终用户集成他们使用的 We b应用程序并使工作流程自动化。 Zapier 2022-08-17年之前版本存在安全漏洞,该漏洞源于编写的代码允许账户内权限升级。攻击者利用该漏洞执行Python或JavaScript代码。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| - | n/a | n/a | - |
II. Public POCs for CVE-2022-28802
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2022-28802
请登录查看更多情报信息。
- https://www.zenity.io/blog/zapescape-vulnerability-disclosure/x_refsource_MISC
- https://nvd.nist.gov/vuln/detail/CVE-2022-28802
Same Patch Batch · n/a · 2022-09-21 · 29 CVEs total
| CVE-2022-35621 | Evoh NFT EvohClaimable 安全漏洞 | |
| CVE-2022-41222 | Linux kernel 资源管理错误漏洞 | |
| CVE-2022-41218 | Linux kernel 资源管理错误漏洞 | |
| CVE-2022-37026 | Ericsson Erlang 授权问题漏洞 | |
| CVE-2022-41220 | md2roff 缓冲区错误漏洞 | |
| CVE-2022-38928 | XPDF 代码问题漏洞 | |
| CVE-2022-37246 | Pixel&tonic Craft CMS 跨站脚本漏洞 | |
| CVE-2022-37027 | Ahsay Systems Cloud Backup Suite 参数注入漏洞 | |
| CVE-2022-40026 | Simple Task Managing System SQL注入漏洞 | |
| CVE-2022-40027 | Simple Task Managing System 跨站脚本漏洞 | |
| CVE-2022-40028 | Simple Task Managing System 跨站脚本漏洞 | |
| CVE-2022-40029 | Simple Task Managing System 跨站脚本漏洞 | |
| CVE-2022-40030 | Simple Task Managing System SQL注入漏洞 | |
| CVE-2022-31679 | VMware Spring Data REST 安全漏洞 | |
| CVE-2022-28982 | Liferay Portal和Liferay DXP 跨站脚本漏洞 | |
| CVE-2022-29799 | FacturaScripts 路径遍历漏洞 | |
| CVE-2022-29800 | networkd-dispatcher 安全漏洞 | |
| CVE-2022-23948 | Keylime 安全漏洞 | |
| CVE-2021-43310 | Keylime 安全漏洞 | |
| CVE-2022-23949 | Keylime 安全漏洞 |
Showing top 20 of 29 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
V. Comments for CVE-2022-28802
No comments yet