CVE-2022-48684 HIGH

CVE-2022-48684

Vendor N/A
Product n/a
Published April 27, 2024
Last update October 25, 2024

CVSS base score

8.4/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:H/S:C/UI:R

What the vulnerability does

01Description

An issue was discovered in Logpoint before 7.1.1. Template injection was seen in the search template. The search template uses jinja templating for generating dynamic data. This could be abused to achieve code execution. Any user with access to create a search template can leverage this to execute code as the loginspect user.

Key dates

02Disclosure timeline

April 27, 2024 CVE published
October 25, 2024 Record updated