cvedb.io
CVE-2022-31066
MEDIUM · CVSS 5.9
EPSS exploitation probability: 0%
Published 2022-06-14T22:15:10.380 · Last modified 2026-06-17T04:44:43.480

Summary

EdgeX Foundry is an open source project for building a common open framework for Internet of Things edge computing. Prior to version 2.1.1, the /api/v2/config endpoint exposes message bus credentials to local unauthenticated users. In security-enabled mode, message bus credentials are supposed to be kept in the EdgeX secret store and require authentication to access. This vulnerability bypasses the access controls on message bus credentials when running in security-enabled mode. (No credentials are required when running in security-disabled mode.) As a result, attackers could intercept data or inject fake data into the EdgeX message bus. Users should upgrade to EdgeXFoundry Kamakura release (2.2.0) or to the June 2022 EdgeXFoundry LTS Jakarta release (2.1.1) to receive a patch. More inform

Affected products

edgexfoundry — edgex_foundry

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.