CVE-2022-39337

HIGH

Details

CVSS v3: 7.5
NVD published: 2023-12-22 15:15:07
EPSS: 0.2% probability · 45.1th percentile — 2026-03-20
Affected versions: cpe:2.3:a:apache:hertzbeat:*:*:*:*:*:*:*:*
Summary: Hertzbeat is an open source, real-time monitoring system with custom-monitoring, high performance cluster, prometheus-like and agentless. Hertzbeat versions 1.20 and prior have a permission bypass vulnerability. System authentication can be bypassed and invoke interfaces without authorization. Version 1.2.1 contains a patch for this issue.
Remediation: Not available in our cache.
Exploit info: https://github.com/dromara/hertzbeat/issues/377

TopVuln sends digest emails with high-risk CVE picks across multiple authoritative sources—curated with EPSS and AI. Choose daily per-stream emails and optional weekly or monthly roundups.

Subscribe — free email digest or paid plan

Information is aggregated from multiple authoritative sources for convenience; verify with NVD and vendors before operational decisions.