CVE-2022-33757
MEDIUM
Nessus < 10.2.0 - Authenticated Improper Access Control in Debug Log File Attachments
Title source: llm
Description
An authenticated attacker could read Nessus Debug Log file attachments from the web UI without having the correct privileges to do so. This may lead to the disclosure of information on the scan target and/or the Nessus scan to unauthorized parties able to reach the Nessus instance.
References (1)
Core References
Vendor Advisory
https://www.tenable.com/security/tns-2022-11
Scores
CVSS v3
6.5
EPSS
0.0025
EPSS Percentile
47.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-284
Status
published
Products (1)
tenable/nessus
< 10.2.0
Published
Oct 25, 2022
Tracked Since
Feb 18, 2026