First published: Thu May 26 2022
In Dell EMC CloudLink 7.1.3 and all earlier versions, the auth token is exposed in GET requests. These request parameters can be logged by reverse proxies and in server logs. Attackers may potentially use these tokens to access the CloudLink server. Tokens should not be placed in the request URL, to avoid such attacks.
Credit: security_alert@emc.com
Affected Software | Affected Version | How to fix |
---|---|---|
Dell EMC CloudLink | <=7.1.3 | |
CVE-2022-24414 is considered a high-severity vulnerability due to the potential exposure of sensitive auth tokens.
To fix CVE-2022-24414, ensure you are using Dell EMC CloudLink version 7.1.4 or later, which resolves the token exposure issue.
CVE-2022-24414 may allow attackers to exploit exposed auth tokens, potentially gaining unauthorized access to the CloudLink server.
CVE-2022-24414 affects Dell EMC CloudLink 7.1.3 and all earlier versions.
To mitigate CVE-2022-24414, avoid including auth tokens in GET request URLs, so that they are not recorded in reverse proxy and server logs.
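
A defender-side check for the logging exposure described above, added here as an example and not taken from Dell or from this advisory: it scans access-log lines in combined log format for query-string parameters with token-like names and redacts their values. The parameter names in `SENSITIVE_PARAMS` and the sample log lines are constructed assumptions, since the advisory does not name the parameter CloudLink uses.

```python
import re
from urllib.parse import unquote

# Assumed parameter names; the advisory does not name CloudLink's parameter.
SENSITIVE_PARAMS = {"token", "auth_token", "authtoken", "access_token"}

# Request line inside a combined-log-format entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def redact_target(target):
    """Return (redacted_target, names of sensitive params that carried a value)."""
    path, sep, query = target.partition("?")
    found, out = [], []
    for pair in query.split("&"):
        name, _, value = pair.partition("=")
        if unquote(name).lower() in SENSITIVE_PARAMS and value:
            found.append(name)
            pair = name + "=REDACTED"  # other parameters are left byte-for-byte intact
        out.append(pair)
    return (path + sep + "&".join(out), found) if found else (target, [])

def scan_line(line):
    """Return (redacted_line, found_params) for one access-log line."""
    m = REQUEST_RE.search(line)
    if not m:
        return line, []
    new_target, found = redact_target(m.group("target"))
    if not found:
        return line, []
    return line[:m.start("target")] + new_target + line[m.end("target"):], found

def audit(lines):
    """Return [(line_number, found_params, redacted_line)] for lines exposing a token."""
    hits = []
    for n, line in enumerate(lines, 1):
        redacted, found = scan_line(line)
        if found:
            hits.append((n, found, redacted))
    return hits

# Constructed sample log lines (not from a real CloudLink deployment).
SAMPLE_LOG = [
    '192.0.2.10 - - [26/May/2022:10:00:01 +0000] "GET /api/status?auth_token=abc123DEF&verbose=1 HTTP/1.1" 200 512 "-" "curl/7.79"',
    '192.0.2.11 - - [26/May/2022:10:00:02 +0000] "GET /api/status?verbose=1 HTTP/1.1" 200 512 "-" "curl/7.79"',
    '192.0.2.12 - - [26/May/2022:10:00:03 +0000] "POST /api/login HTTP/1.1" 200 64 "-" "curl/7.79"',
]

if __name__ == "__main__":
    for n, found, redacted in audit(SAMPLE_LOG):
        print(f"line {n}: token in URL via {found}\n  {redacted}")
```

Any token that such a scan finds in retained logs should be treated as disclosed and revoked, since redacting the log does not undo earlier reads of it.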