Miggo Logo
Miggo Vulnerability Database
CVE-2022-37298

CVE-2022-37298: Shinken Solutions Shinken Monitoring vulnerable to Incorrect Access Control

9.8

CVSS Score
3.1

Basic Information

CVE ID
CVE-2022-37298
GHSA ID
GHSA-p373-jqfm-j6wr
EPSS Score
0.9734%
CWE
CWE-287
Published
10/20/2022
Updated
8/17/2023
KEV Status
No
Technology
TechnologyPython

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Package NameEcosystemVulnerable VersionsFirst Patched Version
Shinkenpip<= 2.4.3

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability stems from the SafeUnpickler's insecure deserialization implementation. The key issues are:

  1. Pre-patch code allowed any class from 'shinken.*' modules through the 'startswith('shinken.')' check
  2. The PICKLE_SAFE whitelist was incomplete, permitting dangerous classes like those in shinken.webui.bottle
  3. The test case demonstrates RCE via sys.path manipulation using Shinken's own modules
  4. The fix switched to an explicit allowlist of approved classes rather than trusting all Shinken submodules
  5. CWE-287 (Improper Authentication) maps directly to the insufficient validation during deserialization

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

S*ink*n Solutions S*ink*n Monitorin* V*rsion *.*.* *****t** is vuln*r**l* to In*orr**t ****ss *ontrol. T** `S***Unpi*kl*r` *l*ss *oun* in `s*ink*n/s***pi*kl*.py` impl*m*nts * w**k *ut**nti**tion s***m* w**n uns*ri*lizin* o*j**ts p*ss** *rom monitorin

Reasoning

T** vuln*r**ility st*ms *rom t** S***Unpi*kl*r's ins**ur* **s*ri*liz*tion impl*m*nt*tion. T** k*y issu*s *r*: *. Pr*-p*t** *o** *llow** *ny *l*ss *rom 's*ink*n.*' mo*ul*s t*rou** t** 'st*rtswit*('s*ink*n.')' ****k *. T** PI*KL*_S*** w*it*list w*s in*