CVE-2022-39289 CRITICAL

CVE-2022-39289: Database log access in ZoneMinder

Vendor Zoneminder
Product zoneminder
Weakness CWE-200 · Info exposure
Published October 7, 2022
Last update April 22, 2025

CVSS base score

9.1/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

What the vulnerability does

01 Description

ZoneMinder is a free, open source closed-circuit television software application. In affected versions, the ZoneMinder API exposes database log contents to users without privileges and allows insertion, modification, and deletion of logs without System privileges. Users are advised to upgrade as soon as possible. Users unable to upgrade should disable database logging.

Key dates

02 Disclosure timeline

October 7, 2022 CVE published
April 22, 2025 Record updated