CVE-2022-22733

MEDIUM NUCLEI

Apache ShardingSphere ElasticJob-UI <= 3.0.0 - Authenticated Privilege Escalation via Guest Account

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-22733. PoCs published by Zeyad-Azima. A Nuclei detection template is also available.

AI-analyzed exploit summary This PoC exploits CVE-2022-22733 in Apache ShardingSphere ElasticJob-UI by leveraging privilege escalation via insecure access token decoding to extract root credentials, followed by a JDBC attack for RCE.

Description

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache ShardingSphere ElasticJob-UI allows an attacker who has guest account to do privilege escalation. This issue affects Apache ShardingSphere ElasticJob-UI Apache ShardingSphere ElasticJob-UI 3.x version 3.0.0 and prior versions.

Exploits (1)

nomisec WORKING POC 2 stars
by Zeyad-Azima · poc
https://github.com/Zeyad-Azima/CVE-2022-22733

This PoC exploits CVE-2022-22733 in Apache ShardingSphere ElasticJob-UI by leveraging privilege escalation via insecure access token decoding to extract root credentials, followed by a JDBC attack for RCE.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Apache ShardingSphere ElasticJob-UI <= 3.0.0
Auth required
Prerequisites: Valid low-privileged credentials · Network access to the target · JDBC connection string for payload delivery
devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

Apache ShardingSphere ElasticJob-UI privilege escalation
MEDIUMVERIFIEDby Zeyad Azima
Shodan: http.favicon.hash:816588900
FOFA: icon_hash=816588900

References (2)

Core 2
Core References
Mailing List, Vendor Advisory x_refsource_misc
https://lists.apache.org/thread/qpdsm936n9bhksb0rzn6bq1h7ord2nm6
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2022/01/20/2

Scores

CVSS v3 6.5
EPSS 0.2090
EPSS Percentile 97.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-200
Status published
Products (1)
apache/shardingsphere_elasticjob-ui 3.0.0 (4 CPE variants)
Published Jan 20, 2022
Tracked Since Feb 18, 2026