This issue can be mitigated by upgrading Bento4 from versions through 1.6.0-639 to version 1.6.0-646. Bento4 through 1.6.0-639 is vulnerable. At the time of this advisory, there are no known issues for Bento4 through 1.6.0-646. The patched versions are: Bento4 through 1.6.0-646.

Appendix 1. Bento4 Version information

Bento4 version information can be viewed at: /app/plugins/bento4/version.txt

Bento4 through 1.6.0-646 is the currently recommended version.

Description

A security vulnerability has been discovered in the Bento4 plugin that could allow an authenticated user to gain privileges on a site that they should not have. This issue can be mitigated by upgrading Bento4 from versions through 1.6.0-646 to version 1.6.0-646. The patched versions are: Bento4 through 1.6.0-646.

Appendix 2: Mention in the blog post
The issue was discovered in the context of "Bento4 through 1.6.0-646" and it is targeted at "Bento4 version information."

References

a. CVE-2022-40774
b.
c. Bento4 Version information

Timeline

Published on: 09/18/2022 19:15:00 UTC
Last modified on: 09/21/2022 14:46:00 UTC
