← Retour aux CVEs

CVE-2022-30034

HIGH

8.6

Description

Flower, a web UI for the Celery Python RPC framework, all versions as of 05-02-2022 is vulnerable to an OAuth authentication bypass. An attacker could then access the Flower API to discover and invoke arbitrary Celery RPC calls or deny service by shutting down Celery task nodes.

Details CVE

Score CVSS v3.18.6

SeveriteHIGH

Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

Vecteur d'attaqueNETWORK

ComplexiteLOW

Privileges requisNONE

Interaction utilisateurNONE

Publie6/2/2022

Derniere modification11/21/2024

Sourcenvd

Observations honeypot0

Produits affectes

flower_project:flower

Faiblesses (CWE)

CWE-287

References

http://githubcommherflower.com(cve@mitre.org)

https://github.com/mher/flower/issues/1217(cve@mitre.org)

https://tprynn.github.io/2022/05/26/flower-vulns.html(cve@mitre.org)

http://githubcommherflower.com(af854a3a-2127-422b-91ae-364da2661108)

https://github.com/mher/flower/issues/1217(af854a3a-2127-422b-91ae-364da2661108)

https://tprynn.github.io/2022/05/26/flower-vulns.html(af854a3a-2127-422b-91ae-364da2661108)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.