Information disclosure in Apache Software Foundation Shardingsphere Elasticjob-ui
CVE-2022-22733
An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache ShardingSphere ElasticJob-UI allows an attacker who has a guest account to escalate privileges. This issue affects Apache ShardingSphere ElasticJob-UI Apa…
Vulnerability class: Information Disclosure
EPSS: 0.783 (99.0th percentile)
Affected products
- Apache Software Foundation Shardingsphere Elasticjob-ui — versions Apache ShardingSphere ElasticJob-UI 3.x
References
- lists.apache.org/thread/qpdsm936n9bhksb0rzn6bq1h7ord2nm6 (x_refsource_MISC)
- [oss-security] 20220120 CVE-2022-22733: Apache ShardingSphere ElasticJob-UI: Access-Token in ElasticJob UI causes password disclosure (mailing-list, x_refsource_MLIST)
Frequently asked questions
- What is CVE-2022-22733?
- CVE-2022-22733 is a vulnerability in Apache Software Foundation Shardingsphere Elasticjob-ui, classified under Information Disclosure. Published 2022-01-20.
- Is CVE-2022-22733 known to be exploited?
- 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.