exploitDog

CVE-2022-41708

Опубликовано: 19 окт. 2022

Источник: nvd

CVSS3: 4.3

EPSS Низкий

Описание

Relatedcode's Messenger version 7bcd20b allows an authenticated external attacker to access existing chats in the workspaces of any user of the application. This is possible because the application does not validate permissions correctly.

Ссылки

https://fluidattacks.com/advisories/tiesto/
Exploit
Third Party Advisory
https://github.com/relatedcode/Messenger
Product
Third Party Advisory
https://fluidattacks.com/advisories/tiesto/
Exploit
Third Party Advisory
https://github.com/relatedcode/Messenger
Product
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:relatedcode:messenger:-:*:*:*:*:*:*:*

EPSS

Процентиль: 32%

0.00122

Низкий

4.3 Medium

CVSS3

Дефекты

CWE-281

CWE-281

Связанные уязвимости

GHSA-qrw5-w925-f5g8

CVSS3: 4.3

github

больше 3 лет назад

Relatedcode's Messenger version 7bcd20b allows an authenticated external attacker to access existing chats in the workspaces of any user of the application. This is possible because the application does not validate permissions correctly.

EPSS

Процентиль: 32%

0.00122

Низкий

4.3 Medium

CVSS3

Дефекты

CWE-281

CWE-281