var-202201-0633
Vulnerability from variot
A Protection Mechanism Failure vulnerability in the REST API of Juniper Networks Contrail Service Orchestration allows one tenant on the system to view confidential configuration details of another tenant on the same system. By utilizing the REST API, one tenant is able to obtain information on another tenant's firewall configuration and access control policies, as well as other sensitive information, exposing the tenant to reduced defense against malicious attacks or exploitation via additional undetermined vulnerabilities. This issue affects Juniper Networks Contrail Service Orchestration versions prior to 6.1.0 Patch 3. Used to connect many enterprise and multi-tenant service provider solutions. A remote attacker can view confidential configuration details of other tenants on the same system
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202201-0633",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "contrail service orchestration",
"scope": "lte",
"trust": 1.0,
"vendor": "juniper",
"version": "6.0.0"
},
{
"model": "contrail service orchestration",
"scope": "eq",
"trust": 1.0,
"vendor": "juniper",
"version": "6.1.0"
},
{
"model": "contrail service orchestration",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30b8\u30e5\u30cb\u30d1\u30fc\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9",
"version": null
},
{
"model": "contrail service orchestration",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30b8\u30e5\u30cb\u30d1\u30fc\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9",
"version": "6.1.0 patch 3"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-003373"
},
{
"db": "NVD",
"id": "CVE-2022-22152"
}
]
},
"cve": "CVE-2022-22152",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CVE-2022-22152",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-409681",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2022-22152",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "sirt@juniper.net",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.1,
"id": "CVE-2022-22152",
"impactScore": 4.0,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-22152",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-22152",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "sirt@juniper.net",
"id": "CVE-2022-22152",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-22152",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202201-1386",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-409681",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2022-22152",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-409681"
},
{
"db": "VULMON",
"id": "CVE-2022-22152"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003373"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-1386"
},
{
"db": "NVD",
"id": "CVE-2022-22152"
},
{
"db": "NVD",
"id": "CVE-2022-22152"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A Protection Mechanism Failure vulnerability in the REST API of Juniper Networks Contrail Service Orchestration allows one tenant on the system to view confidential configuration details of another tenant on the same system. By utilizing the REST API, one tenant is able to obtain information on another tenant\u0027s firewall configuration and access control policies, as well as other sensitive information, exposing the tenant to reduced defense against malicious attacks or exploitation via additional undetermined vulnerabilities. This issue affects Juniper Networks Contrail Service Orchestration versions prior to 6.1.0 Patch 3. Used to connect many enterprise and multi-tenant service provider solutions. A remote attacker can view confidential configuration details of other tenants on the same system",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-22152"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003373"
},
{
"db": "VULHUB",
"id": "VHN-409681"
},
{
"db": "VULMON",
"id": "CVE-2022-22152"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-22152",
"trust": 3.4
},
{
"db": "JUNIPER",
"id": "JSA11260",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003373",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202201-1386",
"trust": 0.7
},
{
"db": "CS-HELP",
"id": "SB2022011708",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2022-06891",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-409681",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-22152",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-409681"
},
{
"db": "VULMON",
"id": "CVE-2022-22152"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003373"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-1386"
},
{
"db": "NVD",
"id": "CVE-2022-22152"
}
]
},
"id": "VAR-202201-0633",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-409681"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:44:06.473000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "JSA11260",
"trust": 0.8,
"url": "https://supportportal.juniper.net/s/article/2022-01-Security-Bulletin-Contrail-Service-Orchestration-Tenants-able-to-see-other-tenants-policies-via-REST-API-interface-CVE-2022-22152?language=en_US"
},
{
"title": "Juniper Networks Contrail Service Orchestration Fixes for access control error vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=179693"
},
{
"title": "CVE-2022-XXXX",
"trust": 0.1,
"url": "https://github.com/AlphabugX/CVE-2022-23305 "
},
{
"title": "CVE-2022-XXXX",
"trust": 0.1,
"url": "https://github.com/AlphabugX/CVE-2022-RCE "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-22152"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003373"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-1386"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-693",
"trust": 1.1
},
{
"problemtype": "Malfunction of protection mechanism (CWE-693) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-409681"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003373"
},
{
"db": "NVD",
"id": "CVE-2022-22152"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://kb.juniper.net/jsa11260"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22152"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022011708"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/693.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/alphabugx/cve-2022-23305"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-409681"
},
{
"db": "VULMON",
"id": "CVE-2022-22152"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003373"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-1386"
},
{
"db": "NVD",
"id": "CVE-2022-22152"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-409681"
},
{
"db": "VULMON",
"id": "CVE-2022-22152"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003373"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-1386"
},
{
"db": "NVD",
"id": "CVE-2022-22152"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-01-19T00:00:00",
"db": "VULHUB",
"id": "VHN-409681"
},
{
"date": "2022-01-19T00:00:00",
"db": "VULMON",
"id": "CVE-2022-22152"
},
{
"date": "2023-02-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-003373"
},
{
"date": "2022-01-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202201-1386"
},
{
"date": "2022-01-19T01:15:08.133000",
"db": "NVD",
"id": "CVE-2022-22152"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-01-24T00:00:00",
"db": "VULHUB",
"id": "VHN-409681"
},
{
"date": "2022-01-24T00:00:00",
"db": "VULMON",
"id": "CVE-2022-22152"
},
{
"date": "2023-02-16T00:46:00",
"db": "JVNDB",
"id": "JVNDB-2022-003373"
},
{
"date": "2022-01-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202201-1386"
},
{
"date": "2024-11-21T06:46:15.810000",
"db": "NVD",
"id": "CVE-2022-22152"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202201-1386"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Juniper\u00a0Networks\u00a0Contrail\u00a0Service\u00a0Orchestration\u00a0 Vulnerability regarding a defect in the protection mechanism in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-003373"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access control error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202201-1386"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…