CVE-2022-46166

CVSS V2 None CVSS V3 None
Description
Spring boot admins is an open source administrative user interface for management of spring boot applications. All users who run Spring Boot Admin Server, having enabled Notifiers (e.g. Teams-Notifier) and write access to environment variables via UI are affected. Users are advised to upgrade to the most recent releases of Spring Boot Admin 2.6.10 and 2.7.8 to resolve this issue. Users unable to upgrade may disable any notifier or disable write access (POST request) on `/env` actuator endpoint.
Overview
  • CVE ID
  • CVE-2022-46166
  • Assigner
  • security-advisories@github.com
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2022-12-09T21:15:14
  • Last Modified Date
  • 2022-12-13T15:19:27
Weakness Enumerations
CWE URL
CWE-94 http://cwe.mitre.org/data/definitions/94.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:codecentric:spring_boot_admin:*:*:*:*:*:*:*:* 1 OR 2.6.10
cpe:2.3:a:codecentric:spring_boot_admin:*:*:*:*:*:*:*:* 1 OR 2.7.0 2.7.8
cpe:2.3:a:codecentric:spring_boot_admin:3.0.0:m1:*:*:*:*:*:* 1 OR
cpe:2.3:a:codecentric:spring_boot_admin:3.0.0:m2:*:*:*:*:*:* 1 OR
cpe:2.3:a:codecentric:spring_boot_admin:3.0.0:m3:*:*:*:*:*:* 1 OR
cpe:2.3:a:codecentric:spring_boot_admin:3.0.0:m4:*:*:*:*:*:* 1 OR
cpe:2.3:a:codecentric:spring_boot_admin:3.0.0:m5:*:*:*:*:*:* 1 OR
References
Reference URL Reference Tags
https://github.com/codecentric/spring-boot-admin/commit/c14c3ec12533f71f84de9ce3ce5ceb7991975f75
https://github.com/codecentric/spring-boot-admin/security/advisories/GHSA-w3x5-427h-wfq6
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2022-46166
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46166
History
Created Old Value New Value Data Type Notes
2022-12-09 22:14:47 Added to TrackCVE
2022-12-10 02:15:27 2022-12-09T21:15:14.843 2022-12-09T21:15:14 CVE Published Date updated
2022-12-10 02:15:27 2022-12-10T02:01:44 CVE Modified Date updated
2022-12-10 02:15:27 Received Awaiting Analysis Vulnerability Status updated
2022-12-12 01:14:47 Awaiting Analysis Undergoing Analysis Vulnerability Status updated
2022-12-13 16:18:06 2022-12-13T15:19:27 CVE Modified Date updated
2022-12-13 16:18:06 Undergoing Analysis Analyzed Vulnerability Status updated
2022-12-13 16:18:08 CPE Information updated