CVE-2022-28802 - Vulnerability Details

Vendors	Products
Zapier	Code By Zapier

Link	Providers
https://www.zenity.io/blog/zapescape-organization-wide-control-over-code-by-zapier/
https://www.zenity.io/blog/zapescape-vulnerability-disclosure/

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Code by Zapier before 2022-08-17 allowed intra-account privilege escalation that included execution of Python or JavaScript code. In other words, Code by Zapier was providing a customer-controlled general-purpose virtual machine that unintentionally granted full access to all users of a company's account, but was supposed to enforce role-based access control within that company's account. Before 2022-08-17, a customer could have resolved this by (in effect) using a separate virtual machine for an application that held credentials - or other secrets - that weren't supposed to be shared among all of its employees. (Multiple accounts would have been needed to operate these independent virtual machines.)"}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-09-21T19:46:28", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.zenity.io/blog/zapescape-organization-wide-control-over-code-by-zapier/"}, {"tags": ["x_refsource_MISC"], "url": "https://www.zenity.io/blog/zapescape-vulnerability-disclosure/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-28802", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Code by Zapier before 2022-08-17 allowed intra-account privilege escalation that included execution of Python or JavaScript code. In other words, Code by Zapier was providing a customer-controlled general-purpose virtual machine that unintentionally granted full access to all users of a company's account, but was supposed to enforce role-based access control within that company's account. Before 2022-08-17, a customer could have resolved this by (in effect) using a separate virtual machine for an application that held credentials - or other secrets - that weren't supposed to be shared among all of its employees. (Multiple accounts would have been needed to operate these independent virtual machines.)"}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.zenity.io/blog/zapescape-organization-wide-control-over-code-by-zapier/", "refsource": "MISC", "url": "https://www.zenity.io/blog/zapescape-organization-wide-control-over-code-by-zapier/"}, {"name": "https://www.zenity.io/blog/zapescape-vulnerability-disclosure/", "refsource": "MISC", "url": "https://www.zenity.io/blog/zapescape-vulnerability-disclosure/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T06:03:53.046Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.zenity.io/blog/zapescape-organization-wide-control-over-code-by-zapier/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.zenity.io/blog/zapescape-vulnerability-disclosure/"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-28802", "datePublished": "2022-09-21T19:46:28", "dateReserved": "2022-04-08T00:00:00", "dateUpdated": "2024-08-03T06:03:53.046Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:zapier:code_by_zapier:*:*:*:*:*:*:*:*", "matchCriteriaId": "0B4E1EBB-D5DC-4967-9B03-BB194D2DBEBE", "versionEndExcluding": "2022-08-17", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Code by Zapier before 2022-08-17 allowed intra-account privilege escalation that included execution of Python or JavaScript code. In other words, Code by Zapier was providing a customer-controlled general-purpose virtual machine that unintentionally granted full access to all users of a company's account, but was supposed to enforce role-based access control within that company's account. Before 2022-08-17, a customer could have resolved this by (in effect) using a separate virtual machine for an application that held credentials - or other secrets - that weren't supposed to be shared among all of its employees. (Multiple accounts would have been needed to operate these independent virtual machines.)"}, {"lang": "es", "value": "Code by Zapier versiones anteriores a 17-08-2022, permit\u00eda una escalada de privilegios dentro de la cuenta que inclu\u00eda una ejecuci\u00f3n de c\u00f3digo Python o JavaScript. En otras palabras, Code by Zapier estaba proporcionando una m\u00e1quina virtual de prop\u00f3sito general controlada por el cliente que involuntariamente otorgaba acceso completo a todos los usuarios de la cuenta de una empresa, pero supon\u00eda que deb\u00eda hacer cumplir el control de acceso basado en roles dentro de la cuenta de esa empresa. En versiones anteriores a 17-08-2022, un cliente podr\u00eda haber resuelto esto usando (en efecto) una m\u00e1quina virtual separada para una aplicaci\u00f3n que contuviera credenciales -u otros secretos- que no deb\u00edan ser compartidos entre todos sus empleados. (Se habr\u00edan necesitado varias cuentas para operar estas m\u00e1quinas virtuales independientes)"}], "id": "CVE-2022-28802", "lastModified": "2024-11-21T06:57:57.450", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-09-21T20:15:10.027", "references": [{"source": "cve@mitre.org", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://www.zenity.io/blog/zapescape-organization-wide-control-over-code-by-zapier/"}, {"source": "cve@mitre.org", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://www.zenity.io/blog/zapescape-vulnerability-disclosure/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://www.zenity.io/blog/zapescape-organization-wide-control-over-code-by-zapier/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://www.zenity.io/blog/zapescape-vulnerability-disclosure/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-732"}], "source": "nvd@nist.gov", "type": "Primary"}]}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object