CVE-2022-45183 Ironman Software PowerShell Universal 2.x and 3.x allows an attacker with a valid app token to retrieve other app tokens by ID.

An attacker with a valid app token can retrieve other app tokens by ID (i.e. all user app tokens) via an HTTP web request. This can be used to escalate privileges in the Web Server. An attacker with a valid app token can retrieve other app tokens by ID (i.e. all user app tokens) via an HTTP web request. This can be used to escalate privileges in the Web Server.

This issue has been fixed in version 3.5.3. This issue has been fixed in version 3.5.3. This issue has been fixed in version 3.5.3. This issue has been fixed in version 3.5.3. This issue has been fixed in version 3.5.3. This issue has been fixed in version 3.5.3. This issue has been fixed in version 3.5.3. This issue has been fixed in version 3.5.3. This issue has been fixed in version 3.5.3. An attacker with a valid app token can retrieve other app tokens by ID (i.e. all user app tokens) via an HTTP web request. This can be used to escalate privileges in the Web Server. An attacker with a valid app token can retrieve other app tokens by ID (i.e. all user app tokens) via an HTTP web request. This can be used to escalate privileges in the Web Server. An attacker with a valid app token can retrieve other app tokens by ID

References

A full reference for this blog post can be found here:
https://www.bgr.com/2018/03/29/how-to-outsource-seo-correctly-avoid-the-5-most-common-mistakes/

Timeline

Published on: 11/14/2022 08:15:00 UTC
Last modified on: 11/16/2022 18:25:00 UTC

References

• https://docs.powershelluniversal.com/changelog
• https://blog.ironmansoftware.com/psu-2022-11-cve/
• https://ironmansoftware.com
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-45183