CVE-2022-4858: 
M-Files Server vulnerability analysis and mitigation

The vulnerability CVE-2022-4858 is an Insertion of Sensitive Information into Log Files vulnerability affecting M-Files Server versions before 22.10.11846.0. The vulnerability was discovered and disclosed on December 30, 2022. This security flaw could potentially allow attackers to obtain sensitive tokens from logs when specific configurations are set (M-Files Advisory, NVD).

The vulnerability is classified as CWE-532 (Insertion of Sensitive Information into Log File) and has received varying CVSS severity ratings. The National Vulnerability Database (NVD) assigned a CVSS v3.1 Base Score of 7.5 (HIGH) with vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N, while M-Files Corporation assessed it at 4.4 (MEDIUM) with vector CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N. The vulnerability is associated with CAPEC-545 (Pull Data from System Resources) (NVD, M-Files Advisory).

The vulnerability allows users with lower privilege roles to access log files containing sensitive information that should be restricted. The main impact is the potential exposure of sensitive tokens stored in these log files, which could compromise system security (M-Files Advisory).

The vulnerability has been addressed in M-Files Server version 22.10.11846.0. Users should upgrade to this version or later to mitigate the risk (NVD).