Hertzbeat is an open source, real-time monitoring system with custom-monitoring, high performance cluster, prometheus-like and agentless. Hertzbeat versions 1.20 and prior have a permission bypass vulnerability. System authentication can be bypassed and invoke interfaces without authorization. Version 1.2.1 contains a patch for this issue.
References
Link | Resource |
---|---|
https://github.com/dromara/hertzbeat/commit/ac5970c6ceb64fafe237fc895243df5f21e40876 | Patch |
https://github.com/dromara/hertzbeat/issues/377 | Exploit Issue Tracking |
https://github.com/dromara/hertzbeat/pull/382 | Issue Tracking Patch |
https://github.com/dromara/hertzbeat/security/advisories/GHSA-434f-f5cw-3rj6 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GitHub_M
Published: 2023-12-22T15:06:04.941Z
Updated: 2023-12-22T15:06:04.941Z
Reserved: 2022-09-02T14:16:35.876Z
Link: CVE-2022-39337
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-12-22T15:15:07.810
Modified: 2024-01-02T20:27:42.740
Link: CVE-2022-39337
JSON object: View
Redhat Information
No data.