Privileged Token Exposure in RackN Digital Rebar: Incorrect Access Control Vulnerability

CVE-2022-46383 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

RackN Digital Rebar through 4.6.14, 4.7 through 4.7.22, 4.8 through 4.8.5, 4.9 through 4.9.12, and 4.10 through 4.10.8 has exposed a privileged token via a public API endpoint (Incorrect Access Control). The token can be used to escalate privileges within the Digital Rebar system and grant full administrative access.
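
To triage an inventory against the affected ranges listed above, the following added example (not RackN's or this advisory's code) classifies version strings. It assumes three-part dotted versions with an optional `v` prefix; the host names and sample versions are constructed. Versions outside the ranges are reported as "not listed" because the advisory text names no fixed releases.

```python
import re

# Affected ranges as listed in the advisory text: release line -> last affected patch.
LAST_AFFECTED = {(4, 7): 22, (4, 8): 5, (4, 9): 12, (4, 10): 8}
# "through 4.6.14" covers every release up to and including 4.6.14.
LEGACY_CEILING = (4, 6, 14)

# Assumption: versions look like "4.10.8" or "v4.10.8"; any trailing suffix is ignored.
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return (major, minor, patch) from strings such as 'v4.10.8' or '4.9.12-1-gabc'."""
    match = _VERSION_RE.match(text.strip())
    if not match:
        raise ValueError(f"unrecognized version string: {text!r}")
    return tuple(int(part) for part in match.groups())


def in_affected_range(text):
    """True when the version falls inside a range the advisory lists as affected."""
    version = parse_version(text)
    if version <= LEGACY_CEILING:
        return True
    ceiling = LAST_AFFECTED.get(version[:2])
    return ceiling is not None and version[2] <= ceiling


def triage(inventory):
    """Map host -> 'affected' / 'not listed' / 'unparsed' for a {host: version} dict."""
    result = {}
    for host, version in inventory.items():
        try:
            result[host] = "affected" if in_affected_range(version) else "not listed"
        except ValueError:
            # Unparseable strings need manual review; they are never assumed safe.
            result[host] = "unparsed"
    return result


if __name__ == "__main__":
    # Constructed inventory: host names and version strings are made up.
    sample = {"drp-a": "v4.10.8", "drp-b": "4.10.9", "drp-c": "4.6.3", "drp-d": "tip"}
    for host, status in triage(sample).items():
        print(host, status)
```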
