# CVE-2022-37298: RCE in Shinken Monitoring 

**Versions affected:** 2.4.3  
**Disclosure link:**  
**CVE link:**

## Description

The SafeUnpickler class found in shinken/ implements a weak authentication scheme (in practice, no authentication at all) when unserializing objects passed from legitimate monitoring nodes to the Shinken server. A remote attacker can craft and send a pickle object that instantiates an internal, implicitly trusted Shinken object, and some of these objects can be leveraged to execute arbitrary code on the monitoring server itself.
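One way to harden a receiver against this class of flaw is sketched below as an added example. It is not Shinken's code or its fix. It authenticates each message with an HMAC before any unpickling happens and then resolves only explicitly allow-listed globals. The names `SHARED_KEY`, `ALLOWED_GLOBALS`, `DataOnlyUnpickler`, `seal` and `open_sealed` are hypothetical, and a pre-shared key between nodes is assumed.

```python
import hashlib
import hmac
import io
import pickle

# Assumption: a pre-shared key provisioned to each monitoring node out of band.
SHARED_KEY = b"constructed-demo-key"
TAG_LEN = hashlib.sha256().digest_size

# Assumption: messages are plain data. dict/list/str/int/set need no globals
# under protocol 4, so the allow-list names only the extra types expected.
ALLOWED_GLOBALS = {("datetime", "timedelta")}


class DataOnlyUnpickler(pickle.Unpickler):
    """Resolve only allow-listed globals; never trust a class for being internal."""

    def find_class(self, module, name):
        if (module, name) not in ALLOWED_GLOBALS:
            raise pickle.UnpicklingError(f"global {module}.{name} is not allowed")
        return super().find_class(module, name)


def seal(obj, key=SHARED_KEY):
    """Sender side: serialize, then prepend an HMAC-SHA256 tag over the bytes."""
    body = pickle.dumps(obj, protocol=4)
    return hmac.new(key, body, hashlib.sha256).digest() + body


def open_sealed(blob, key=SHARED_KEY):
    """Receiver side: authenticate first, and only then parse the pickle."""
    if len(blob) <= TAG_LEN:
        raise ValueError("message too short to carry a tag")
    tag, body = blob[:TAG_LEN], blob[TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication tag mismatch")
    return DataOnlyUnpickler(io.BytesIO(body)).load()


if __name__ == "__main__":
    from datetime import timedelta
    # Constructed sample message, not real Shinken traffic.
    sample = {"host": "web01", "interval": timedelta(minutes=5), "tags": {"prod"}}
    print(open_sealed(seal(sample)))
```

The two checks are independent: the tag stops unauthenticated senders, and the allow-list limits what even an authenticated peer can make the receiver instantiate.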

