CVE-2022-33757
First published: Mon Oct 24 2022(Updated: )
An authenticated attacker could read Nessus Debug Log file attachments from the web UI without having the correct privileges to do so. This may lead to the disclosure of information on the scan target and/or the Nessus scan to unauthorized parties able to reach the Nessus instance.
Credit: vulnreport@tenable.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Tenable Nessus | <10.2.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2022-33757.
What is the severity of CVE-2022-33757?
The severity of CVE-2022-33757 is medium, with a severity value of 6.5.
What is the affected software for CVE-2022-33757?
The affected software for CVE-2022-33757 is Tenable Nessus up to version 10.2.0.
What is the impact of CVE-2022-33757?
The impact of CVE-2022-33757 is the disclosure of information on the scan target and/or the Nessus scan to unauthorized parties.
How can I fix CVE-2022-33757?
To fix CVE-2022-33757, you should upgrade to a version of Tenable Nessus that is not affected by this vulnerability.
- collector/nvd-index
- agent/type
- agent/event
- agent/references
- agent/severity
- agent/author
- agent/description
- agent/tags
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/tenable
- canonical/tenable nessus