CVE-2022-44009

EPSS 0.21% · P43 Updated Apr 29, 2025

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2022-44009

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

Improper access control in Key-Value RBAC in StackStorm version 3.7.0 didn't check the permissions in Jinja filters, allowing attackers to access K/V pairs of other users, potentially leading to the exposure of sensitive Information.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

StackStorm 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

StackStorm是一套事件驱动的自动化平台。该平台主要用于自动修复、安全响应、故障排除和程序部署等功能。 StackStorm 3.7.0版本存在安全漏洞，该漏洞源于Key-Value RBAC访问控制不当，没有检查Jinja过滤器中的权限，攻击者利用该漏洞可以访问其他用户的K/V对，可能导致敏感信息暴露。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2022-44009

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2022-44009

请登录查看更多情报信息。

Same Patch Batch · n/a · 2022-12-05 · 35 CVEs total

CVE-2022-45019		SLiM SQL注入漏洞
CVE-2022-42705		Asterisk 资源管理错误漏洞
CVE-2022-42706		Asterisk 路径遍历漏洞
CVE-2022-43097		User Management System 跨站脚本漏洞
CVE-2022-43549		Veeam Backup for Google Cloud 授权问题漏洞
CVE-2022-43553		Ubiquiti EdgeRouters 安全漏洞
CVE-2022-43556		PortlandLabs Concrete CMS 跨站脚本漏洞
CVE-2022-43706		StackStorm 跨站脚本漏洞
CVE-2022-44039		Franklin Fueling System Colibri 安全漏洞
CVE-2022-4269		Linux kernel 安全漏洞
CVE-2022-45020		Rukovoditel 跨站脚本漏洞
CVE-2022-45283		GPAC 缓冲区错误漏洞
CVE-2022-45313		MikroTik RouterOS 缓冲区错误漏洞
CVE-2022-45769		ClicShopping 跨站脚本漏洞
CVE-2022-45771		Pwndoc 安全漏洞
CVE-2022-45912		Zimbra Collaboration Suite 代码问题漏洞
CVE-2022-45990		Ecommerce-Website 跨站脚本漏洞
CVE-2022-35258		Pulse Secure Pulse Connect Secure 安全漏洞
CVE-2021-39434		Zkteco BioTime 安全漏洞
CVE-2022-23143		ZTE OTCP 安全漏洞

Showing top 20 of 35 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a

Same vendor: n/a

V. Comments for CVE-2022-44009

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2022-44009

I. Basic Information for CVE-2022-44009

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2022-44009

III. Intelligence Information for CVE-2022-44009

Same Patch Batch · n/a · 2022-12-05 · 35 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2022-44009

Leave a comment