Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1310 CNY

100%
Buy Us a Coffee

CVE-2022-37298 PoC — Shinken 授权问题漏洞

Source
https://github.com/dbyio/cve-2022-37298
Associated Vulnerability
Title:Shinken 授权问题漏洞 (CVE-2022-37298)
Description:Shinken Solutions Shinken Monitoring Version 2.4.3 affected is vulnerable to Incorrect Access Control. The SafeUnpickler class found in shinken/safepickle.py implements a weak authentication scheme when unserializing objects passed from monitoring nodes to the Shinken monitoring server.
Description
CVE-2022-37298 Shinken Monitoring
Readme
# CVE-2022-37298: RCE in Shinken Monitoring 

**Versions affected:** 2.4.3  
**Disclosure link:** https://github.com/naparuba/shinken/commit/2dae40fd1e713aec9e1966a0ab7a580b9180cff2  
**CVE link:** https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37298  
  
## Description

The SafeUnpickler class found in shinken/safepickle.py implements a weak authentication scheme (actually no authentication at all) when unserializing objects passed from legitimate monitoring nodes to the Shinken server. A remote attacker can craft and send a pickle object instantiating an internal, implicitly trusted Shinken object; some of which can be leveraged to execute arbitrary code on the monitoring server itself.

### Usage
`python CVE-2022-37298.py` 

![poc](https://user-images.githubusercontent.com/12803470/199597211-e142b785-d457-4d06-8a26-3603ab014b09.gif)
File Snapshot

Log in to view the POC file snapshot cached by Shenlong Bot

Log in to view
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →