CVE-2022-29633
Description
An access control issue in Linglong v1.0 allows attackers to access the background of the application via a crafted cookie.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Linglong v1.0 contains an access control issue allowing attackers to access the application backend via a crafted cookie.
Vulnerability
An access control vulnerability exists in Linglong v1.0, an asset cruise scanning system. The issue allows attackers to bypass authentication and access the background management interface by crafting a malicious cookie. The affected version is v1.0 as described in the advisory [1].
Exploitation
An attacker with network access to the Linglong application can craft a specially designed cookie to bypass authentication controls, gaining unauthorized access to the backend without valid credentials. No further authentication or user interaction is required beyond sending the crafted request [1].
Impact
Successful exploitation enables an attacker to access the application's background management interface, potentially exposing sensitive configuration, asset data, scan results, and administrative functionalities. This could lead to further compromise of the managed assets and information disclosure [1].
Mitigation
As of the publication date (2022-05-26), no fixed version or patch has been released. Users should restrict network access to the Linglong application, implement additional authentication layers (e.g., reverse proxy with authentication), and monitor for unusual access patterns. The project repository [1] may provide future updates.
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Linglong/Linglongdescription
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
News mentions
0No linked articles in our index yet.