Vulnerabilites related to trudesk_project - trudesk
CVE-2022-1719 (GCVE-0-2022-1719)
Vulnerability from cvelistv5
Published
2022-05-16 14:32
Modified
2024-08-03 00:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Reflected XSS on ticket filter function in GitHub repository polonel/trudesk prior to 1.2.2. This vulnerability is capable of executing a malicious javascript code in web page
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| polonel | polonel/trudesk |
Version: unspecified < 1.2.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:10:03.818Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/790ba3fd-41e9-4393-8e2f-71161b56279b"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/polonel/trudesk/commit/36a542abbbb74828338ce402d65653ac58db42e0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "polonel/trudesk",
"vendor": "polonel",
"versions": [
{
"lessThan": "1.2.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Reflected XSS on ticket filter function in GitHub repository polonel/trudesk prior to 1.2.2. This vulnerability is capable of executing a malicious javascript code in web page"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-29T16:39:31",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/790ba3fd-41e9-4393-8e2f-71161b56279b"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/polonel/trudesk/commit/36a542abbbb74828338ce402d65653ac58db42e0"
}
],
"source": {
"advisory": "790ba3fd-41e9-4393-8e2f-71161b56279b",
"discovery": "EXTERNAL"
},
"title": "Reflected XSS on ticket filter function in polonel/trudesk",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1719",
"STATE": "PUBLIC",
"TITLE": "Reflected XSS on ticket filter function in polonel/trudesk"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "polonel/trudesk",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1.2.2"
}
]
}
}
]
},
"vendor_name": "polonel"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Reflected XSS on ticket filter function in GitHub repository polonel/trudesk prior to 1.2.2. This vulnerability is capable of executing a malicious javascript code in web page"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/790ba3fd-41e9-4393-8e2f-71161b56279b",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/790ba3fd-41e9-4393-8e2f-71161b56279b"
},
{
"name": "https://github.com/polonel/trudesk/commit/36a542abbbb74828338ce402d65653ac58db42e0",
"refsource": "MISC",
"url": "https://github.com/polonel/trudesk/commit/36a542abbbb74828338ce402d65653ac58db42e0"
}
]
},
"source": {
"advisory": "790ba3fd-41e9-4393-8e2f-71161b56279b",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1719",
"datePublished": "2022-05-16T14:32:10",
"dateReserved": "2022-05-14T00:00:00",
"dateUpdated": "2024-08-03T00:10:03.818Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1808 (GCVE-0-2022-1808)
Vulnerability from cvelistv5
Published
2022-05-31 22:00
Modified
2024-08-03 00:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-250 - Execution with Unnecessary Privileges
Summary
Execution with Unnecessary Privileges in GitHub repository polonel/trudesk prior to 1.2.3.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| polonel | polonel/trudesk |
Version: unspecified < 1.2.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:16:59.940Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/9-polonel/trudesk"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/polonel/trudesk/commit/f739eac6fc52adc0cba83a49034100e5b99ac7c8"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "polonel/trudesk",
"vendor": "polonel",
"versions": [
{
"lessThan": "1.2.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Execution with Unnecessary Privileges in GitHub repository polonel/trudesk prior to 1.2.3."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-250",
"description": "CWE-250 Execution with Unnecessary Privileges",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-31T22:00:13",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/9-polonel/trudesk"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/polonel/trudesk/commit/f739eac6fc52adc0cba83a49034100e5b99ac7c8"
}
],
"source": {
"advisory": "9-polonel/trudesk",
"discovery": "EXTERNAL"
},
"title": "Execution with Unnecessary Privileges in polonel/trudesk",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1808",
"STATE": "PUBLIC",
"TITLE": "Execution with Unnecessary Privileges in polonel/trudesk"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "polonel/trudesk",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1.2.3"
}
]
}
}
]
},
"vendor_name": "polonel"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Execution with Unnecessary Privileges in GitHub repository polonel/trudesk prior to 1.2.3."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-250 Execution with Unnecessary Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/9-polonel/trudesk",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/9-polonel/trudesk"
},
{
"name": "https://github.com/polonel/trudesk/commit/f739eac6fc52adc0cba83a49034100e5b99ac7c8",
"refsource": "MISC",
"url": "https://github.com/polonel/trudesk/commit/f739eac6fc52adc0cba83a49034100e5b99ac7c8"
}
]
},
"source": {
"advisory": "9-polonel/trudesk",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1808",
"datePublished": "2022-05-31T22:00:13",
"dateReserved": "2022-05-20T00:00:00",
"dateUpdated": "2024-08-03T00:16:59.940Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-26982 (GCVE-0-2023-26982)
Vulnerability from cvelistv5
Published
2023-03-29 00:00
Modified
2025-02-18 16:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Trudesk v1.2.6 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Add Tags parameter under the Create Ticket function.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:01:32.037Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/polonel/trudesk/releases/tag/v1.2.6"
},
{
"tags": [
"x_transferred"
],
"url": "https://trudesk.io/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/bypazs/CVE-2023-26982"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-26982",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-18T16:32:47.380156Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-18T16:33:56.157Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Trudesk v1.2.6 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Add Tags parameter under the Create Ticket function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-29T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/polonel/trudesk/releases/tag/v1.2.6"
},
{
"url": "https://trudesk.io/"
},
{
"url": "https://github.com/bypazs/CVE-2023-26982"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-26982",
"datePublished": "2023-03-29T00:00:00.000Z",
"dateReserved": "2023-02-27T00:00:00.000Z",
"dateUpdated": "2025-02-18T16:33:56.157Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1803 (GCVE-0-2022-1803)
Vulnerability from cvelistv5
Published
2022-05-20 21:40
Modified
2024-08-03 00:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-1021 - Improper Restriction of Rendered UI Layers or Frames
Summary
Improper Restriction of Rendered UI Layers or Frames in GitHub repository polonel/trudesk prior to 1.2.2.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| polonel | polonel/trudesk |
Version: unspecified < 1.2.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:16:59.970Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/47cc6621-2474-40f9-ab68-3cf62389a124"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/polonel/trudesk/commit/6ea9db7a5cf300e3cbf0eab7e1d6da1155a2f7f8"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "polonel/trudesk",
"vendor": "polonel",
"versions": [
{
"lessThan": "1.2.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper Restriction of Rendered UI Layers or Frames in GitHub repository polonel/trudesk prior to 1.2.2."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1021",
"description": "CWE-1021 Improper Restriction of Rendered UI Layers or Frames",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-20T21:40:18",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/47cc6621-2474-40f9-ab68-3cf62389a124"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/polonel/trudesk/commit/6ea9db7a5cf300e3cbf0eab7e1d6da1155a2f7f8"
}
],
"source": {
"advisory": "47cc6621-2474-40f9-ab68-3cf62389a124",
"discovery": "EXTERNAL"
},
"title": "Improper Restriction of Rendered UI Layers or Frames in polonel/trudesk",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1803",
"STATE": "PUBLIC",
"TITLE": "Improper Restriction of Rendered UI Layers or Frames in polonel/trudesk"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "polonel/trudesk",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1.2.2"
}
]
}
}
]
},
"vendor_name": "polonel"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Restriction of Rendered UI Layers or Frames in GitHub repository polonel/trudesk prior to 1.2.2."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1021 Improper Restriction of Rendered UI Layers or Frames"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/47cc6621-2474-40f9-ab68-3cf62389a124",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/47cc6621-2474-40f9-ab68-3cf62389a124"
},
{
"name": "https://github.com/polonel/trudesk/commit/6ea9db7a5cf300e3cbf0eab7e1d6da1155a2f7f8",
"refsource": "MISC",
"url": "https://github.com/polonel/trudesk/commit/6ea9db7a5cf300e3cbf0eab7e1d6da1155a2f7f8"
}
]
},
"source": {
"advisory": "47cc6621-2474-40f9-ab68-3cf62389a124",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1803",
"datePublished": "2022-05-20T21:40:18",
"dateReserved": "2022-05-19T00:00:00",
"dateUpdated": "2024-08-03T00:16:59.970Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1893 (GCVE-0-2022-1893)
Vulnerability from cvelistv5
Published
2022-05-31 21:50
Modified
2024-08-03 00:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-212 - Improper Removal of Sensitive Information Before Storage or Transfer
Summary
Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository polonel/trudesk prior to 1.2.3.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| polonel | polonel/trudesk |
Version: unspecified < 1.2.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:17:00.932Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/a1cfe61b-5248-4a73-9a80-0b764edc9b26"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/polonel/trudesk/commit/ae904d37eaa38bffebfbfe8e949c0385c63e3263"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "polonel/trudesk",
"vendor": "polonel",
"versions": [
{
"lessThan": "1.2.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository polonel/trudesk prior to 1.2.3."
}
],
"value": "Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository polonel/trudesk prior to 1.2.3."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-212",
"description": "CWE-212 Improper Removal of Sensitive Information Before Storage or Transfer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-02T08:38:54.390Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/a1cfe61b-5248-4a73-9a80-0b764edc9b26"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/polonel/trudesk/commit/ae904d37eaa38bffebfbfe8e949c0385c63e3263"
}
],
"source": {
"advisory": "a1cfe61b-5248-4a73-9a80-0b764edc9b26",
"discovery": "EXTERNAL"
},
"title": "Improper Removal of Sensitive Information Before Storage or Transfer \t in polonel/trudesk",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1893",
"STATE": "PUBLIC",
"TITLE": "Exposure of Sensitive Information to an Unauthorized Actor in polonel/trudesk"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "polonel/trudesk",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1.2.3"
}
]
}
}
]
},
"vendor_name": "polonel"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository polonel/trudesk prior to 1.2.3."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/a1cfe61b-5248-4a73-9a80-0b764edc9b26",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/a1cfe61b-5248-4a73-9a80-0b764edc9b26"
},
{
"name": "https://github.com/polonel/trudesk/commit/ae904d37eaa38bffebfbfe8e949c0385c63e3263",
"refsource": "MISC",
"url": "https://github.com/polonel/trudesk/commit/ae904d37eaa38bffebfbfe8e949c0385c63e3263"
}
]
},
"source": {
"advisory": "a1cfe61b-5248-4a73-9a80-0b764edc9b26",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1893",
"datePublished": "2022-05-31T21:50:10",
"dateReserved": "2022-05-25T00:00:00",
"dateUpdated": "2024-08-03T00:17:00.932Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1775 (GCVE-0-2022-1775)
Vulnerability from cvelistv5
Published
2022-05-20 22:35
Modified
2024-08-03 00:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-521 - Weak Password Requirements
Summary
Weak Password Requirements in GitHub repository polonel/trudesk prior to 1.2.2.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| polonel | polonel/trudesk |
Version: unspecified < 1.2.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:16:59.880Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/0966043c-602f-463e-a6e5-9a1745f4fbfa"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/polonel/trudesk/commit/13dd6c61fc85fa773b4065f075fceda563129c53"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "polonel/trudesk",
"vendor": "polonel",
"versions": [
{
"lessThan": "1.2.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Weak Password Requirements in GitHub repository polonel/trudesk prior to 1.2.2."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-521",
"description": "CWE-521 Weak Password Requirements",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-20T22:35:10",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/0966043c-602f-463e-a6e5-9a1745f4fbfa"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/polonel/trudesk/commit/13dd6c61fc85fa773b4065f075fceda563129c53"
}
],
"source": {
"advisory": "0966043c-602f-463e-a6e5-9a1745f4fbfa",
"discovery": "EXTERNAL"
},
"title": "Weak Password Requirements in polonel/trudesk",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1775",
"STATE": "PUBLIC",
"TITLE": "Weak Password Requirements in polonel/trudesk"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "polonel/trudesk",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1.2.2"
}
]
}
}
]
},
"vendor_name": "polonel"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Weak Password Requirements in GitHub repository polonel/trudesk prior to 1.2.2."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-521 Weak Password Requirements"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/0966043c-602f-463e-a6e5-9a1745f4fbfa",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/0966043c-602f-463e-a6e5-9a1745f4fbfa"
},
{
"name": "https://github.com/polonel/trudesk/commit/13dd6c61fc85fa773b4065f075fceda563129c53",
"refsource": "MISC",
"url": "https://github.com/polonel/trudesk/commit/13dd6c61fc85fa773b4065f075fceda563129c53"
}
]
},
"source": {
"advisory": "0966043c-602f-463e-a6e5-9a1745f4fbfa",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1775",
"datePublished": "2022-05-20T22:35:11",
"dateReserved": "2022-05-17T00:00:00",
"dateUpdated": "2024-08-03T00:16:59.880Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2128 (GCVE-0-2022-2128)
Vulnerability from cvelistv5
Published
2022-06-20 16:45
Modified
2024-08-03 00:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Summary
Unrestricted Upload of File with Dangerous Type in GitHub repository polonel/trudesk prior to 1.2.4.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| polonel | polonel/trudesk |
Version: unspecified < 1.2.4 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:24:44.261Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/ec40ec76-c7db-4384-a33b-024f3dd21d75"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/polonel/trudesk/commit/fb2ef82b0a39d0a560a261e07c3c73ba25332ecb"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "polonel/trudesk",
"vendor": "polonel",
"versions": [
{
"lessThan": "1.2.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unrestricted Upload of File with Dangerous Type in GitHub repository polonel/trudesk prior to 1.2.4."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-20T16:45:16",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/ec40ec76-c7db-4384-a33b-024f3dd21d75"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/polonel/trudesk/commit/fb2ef82b0a39d0a560a261e07c3c73ba25332ecb"
}
],
"source": {
"advisory": "ec40ec76-c7db-4384-a33b-024f3dd21d75",
"discovery": "EXTERNAL"
},
"title": "Unrestricted Upload of File with Dangerous Type in polonel/trudesk",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-2128",
"STATE": "PUBLIC",
"TITLE": "Unrestricted Upload of File with Dangerous Type in polonel/trudesk"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "polonel/trudesk",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1.2.4"
}
]
}
}
]
},
"vendor_name": "polonel"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unrestricted Upload of File with Dangerous Type in GitHub repository polonel/trudesk prior to 1.2.4."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-434 Unrestricted Upload of File with Dangerous Type"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/ec40ec76-c7db-4384-a33b-024f3dd21d75",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/ec40ec76-c7db-4384-a33b-024f3dd21d75"
},
{
"name": "https://github.com/polonel/trudesk/commit/fb2ef82b0a39d0a560a261e07c3c73ba25332ecb",
"refsource": "MISC",
"url": "https://github.com/polonel/trudesk/commit/fb2ef82b0a39d0a560a261e07c3c73ba25332ecb"
}
]
},
"source": {
"advisory": "ec40ec76-c7db-4384-a33b-024f3dd21d75",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-2128",
"datePublished": "2022-06-20T16:45:16",
"dateReserved": "2022-06-18T00:00:00",
"dateUpdated": "2024-08-03T00:24:44.261Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1770 (GCVE-0-2022-1770)
Vulnerability from cvelistv5
Published
2022-05-20 18:05
Modified
2024-08-03 00:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-269 - Improper Privilege Management
Summary
Improper Privilege Management in GitHub repository polonel/trudesk prior to 1.2.2.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| polonel | polonel/trudesk |
Version: unspecified < 1.2.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:16:59.915Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/74a252a2-8bf6-4f88-a180-b90338a239fa"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/polonel/trudesk/commit/889876f66c9a5b28f019258e329310c31d72cbd2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "polonel/trudesk",
"vendor": "polonel",
"versions": [
{
"lessThan": "1.2.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper Privilege Management in GitHub repository polonel/trudesk prior to 1.2.2."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-20T18:05:10",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/74a252a2-8bf6-4f88-a180-b90338a239fa"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/polonel/trudesk/commit/889876f66c9a5b28f019258e329310c31d72cbd2"
}
],
"source": {
"advisory": "74a252a2-8bf6-4f88-a180-b90338a239fa",
"discovery": "EXTERNAL"
},
"title": "Improper Privilege Management in polonel/trudesk",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1770",
"STATE": "PUBLIC",
"TITLE": "Improper Privilege Management in polonel/trudesk"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "polonel/trudesk",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1.2.2"
}
]
}
}
]
},
"vendor_name": "polonel"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Privilege Management in GitHub repository polonel/trudesk prior to 1.2.2."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269 Improper Privilege Management"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/74a252a2-8bf6-4f88-a180-b90338a239fa",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/74a252a2-8bf6-4f88-a180-b90338a239fa"
},
{
"name": "https://github.com/polonel/trudesk/commit/889876f66c9a5b28f019258e329310c31d72cbd2",
"refsource": "MISC",
"url": "https://github.com/polonel/trudesk/commit/889876f66c9a5b28f019258e329310c31d72cbd2"
}
]
},
"source": {
"advisory": "74a252a2-8bf6-4f88-a180-b90338a239fa",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1770",
"datePublished": "2022-05-20T18:05:10",
"dateReserved": "2022-05-17T00:00:00",
"dateUpdated": "2024-08-03T00:16:59.915Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1728 (GCVE-0-2022-1728)
Vulnerability from cvelistv5
Published
2022-05-16 14:55
Modified
2024-08-03 00:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-190 - Integer Overflow or Wraparound
Summary
Allowing long password leads to denial of service in polonel/trudesk in GitHub repository polonel/trudesk prior to 1.2.2. This vulnerability can be abused by doing a DDoS attack for which genuine users will not able to access resources/applications.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| polonel | polonel/trudesk |
Version: unspecified < 1.2.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:16:58.994Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/3c6cb129-6995-4722-81b5-af052572b519"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/polonel/trudesk/commit/e836d04d16787c2c9c72e7bf011cf396d1f73c19"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "polonel/trudesk",
"vendor": "polonel",
"versions": [
{
"lessThan": "1.2.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Allowing long password leads to denial of service in polonel/trudesk in GitHub repository polonel/trudesk prior to 1.2.2. This vulnerability can be abused by doing a DDoS attack for which genuine users will not able to access resources/applications."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190 Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-16T14:55:13",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/3c6cb129-6995-4722-81b5-af052572b519"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/polonel/trudesk/commit/e836d04d16787c2c9c72e7bf011cf396d1f73c19"
}
],
"source": {
"advisory": "3c6cb129-6995-4722-81b5-af052572b519",
"discovery": "EXTERNAL"
},
"title": "Allowing long password leads to denial of service in polonel/trudesk in polonel/trudesk",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1728",
"STATE": "PUBLIC",
"TITLE": "Allowing long password leads to denial of service in polonel/trudesk in polonel/trudesk"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "polonel/trudesk",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1.2.2"
}
]
}
}
]
},
"vendor_name": "polonel"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Allowing long password leads to denial of service in polonel/trudesk in GitHub repository polonel/trudesk prior to 1.2.2. This vulnerability can be abused by doing a DDoS attack for which genuine users will not able to access resources/applications."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-190 Integer Overflow or Wraparound"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/3c6cb129-6995-4722-81b5-af052572b519",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/3c6cb129-6995-4722-81b5-af052572b519"
},
{
"name": "https://github.com/polonel/trudesk/commit/e836d04d16787c2c9c72e7bf011cf396d1f73c19",
"refsource": "MISC",
"url": "https://github.com/polonel/trudesk/commit/e836d04d16787c2c9c72e7bf011cf396d1f73c19"
}
]
},
"source": {
"advisory": "3c6cb129-6995-4722-81b5-af052572b519",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1728",
"datePublished": "2022-05-16T14:55:13",
"dateReserved": "2022-05-16T00:00:00",
"dateUpdated": "2024-08-03T00:16:58.994Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-45785 (GCVE-0-2021-45785)
Vulnerability from cvelistv5
Published
2024-06-24 00:00
Modified
2024-08-04 04:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
TruDesk Help Desk/Ticketing Solution v1.1.11 is vulnerable to a Cross-Site Request Forgery (CSRF) attack which would allow an attacker to restart the server, causing a DoS attack. The attacker must craft a webpage that would perform a GET request to the /api/v1/admin/restart endpoint, then the victim (who has sufficient privileges), would visit the page and the server restart would begin. The attacker must know the full URL that TruDesk is on in order to craft the webpage.
References
| ► | URL | Tags |
|---|---|---|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:trudesk_project:trudesk:1.1.11:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "trudesk",
"vendor": "trudesk_project",
"versions": [
{
"status": "affected",
"version": "1.1.11"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-45785",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-25T14:56:30.554884Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-25T14:58:10.296Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:54:29.505Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://1d8.github.io/cves/cve_2021_45785/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TruDesk Help Desk/Ticketing Solution v1.1.11 is vulnerable to a Cross-Site Request Forgery (CSRF) attack which would allow an attacker to restart the server, causing a DoS attack. The attacker must craft a webpage that would perform a GET request to the /api/v1/admin/restart endpoint, then the victim (who has sufficient privileges), would visit the page and the server restart would begin. The attacker must know the full URL that TruDesk is on in order to craft the webpage."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-24T18:58:17.226777",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://1d8.github.io/cves/cve_2021_45785/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-45785",
"datePublished": "2024-06-24T00:00:00",
"dateReserved": "2021-12-27T00:00:00",
"dateUpdated": "2024-08-04T04:54:29.505Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1718 (GCVE-0-2022-1718)
Vulnerability from cvelistv5
Published
2022-05-16 14:32
Modified
2024-08-03 00:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-190 - Integer Overflow or Wraparound
Summary
The trudesk application allows large characters to insert in the input field "Full Name" on the signup field which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request in GitHub repository polonel/trudesk prior to 1.2.2. This can lead to Denial of service.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| polonel | polonel/trudesk |
Version: unspecified < 1.2.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:10:03.910Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/1ff8afe4-6ff7-45aa-a652-d8aac7e5be7e"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/polonel/trudesk/commit/87e231e04495fb705fe1e03cb56fc4136bafe895"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "polonel/trudesk",
"vendor": "polonel",
"versions": [
{
"lessThan": "1.2.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The trudesk application allows large characters to insert in the input field \"Full Name\" on the signup field which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request in GitHub repository polonel/trudesk prior to 1.2.2. This can lead to Denial of service."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190 Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-29T16:39:30",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/1ff8afe4-6ff7-45aa-a652-d8aac7e5be7e"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/polonel/trudesk/commit/87e231e04495fb705fe1e03cb56fc4136bafe895"
}
],
"source": {
"advisory": "1ff8afe4-6ff7-45aa-a652-d8aac7e5be7e",
"discovery": "EXTERNAL"
},
"title": "The trudesk application allows large characters to insert in the input field \"Full Name\" on the signup field which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request in polonel/trudesk",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1718",
"STATE": "PUBLIC",
"TITLE": "The trudesk application allows large characters to insert in the input field \"Full Name\" on the signup field which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request in polonel/trudesk"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "polonel/trudesk",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1.2.2"
}
]
}
}
]
},
"vendor_name": "polonel"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The trudesk application allows large characters to insert in the input field \"Full Name\" on the signup field which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request in GitHub repository polonel/trudesk prior to 1.2.2. This can lead to Denial of service."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-190 Integer Overflow or Wraparound"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/1ff8afe4-6ff7-45aa-a652-d8aac7e5be7e",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/1ff8afe4-6ff7-45aa-a652-d8aac7e5be7e"
},
{
"name": "https://github.com/polonel/trudesk/commit/87e231e04495fb705fe1e03cb56fc4136bafe895",
"refsource": "MISC",
"url": "https://github.com/polonel/trudesk/commit/87e231e04495fb705fe1e03cb56fc4136bafe895"
}
]
},
"source": {
"advisory": "1ff8afe4-6ff7-45aa-a652-d8aac7e5be7e",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1718",
"datePublished": "2022-05-16T14:32:17",
"dateReserved": "2022-05-14T00:00:00",
"dateUpdated": "2024-08-03T00:10:03.910Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1931 (GCVE-0-2022-1931)
Vulnerability from cvelistv5
Published
2022-05-31 01:25
Modified
2024-08-03 00:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-821 - Incorrect Synchronization
Summary
Incorrect Synchronization in GitHub repository polonel/trudesk prior to 1.2.3.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| polonel | polonel/trudesk |
Version: unspecified < 1.2.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:17:00.934Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/50c4cb63-65db-41c5-a16d-0560d7131fde"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/polonel/trudesk/commit/314540864dbf2c0eaa99aa42c3d317de9501eb67"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "polonel/trudesk",
"vendor": "polonel",
"versions": [
{
"lessThan": "1.2.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Incorrect Synchronization in GitHub repository polonel/trudesk prior to 1.2.3."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-821",
"description": "CWE-821 Incorrect Synchronization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-31T01:25:11",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/50c4cb63-65db-41c5-a16d-0560d7131fde"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/polonel/trudesk/commit/314540864dbf2c0eaa99aa42c3d317de9501eb67"
}
],
"source": {
"advisory": "50c4cb63-65db-41c5-a16d-0560d7131fde",
"discovery": "EXTERNAL"
},
"title": "Incorrect Synchronization in polonel/trudesk",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1931",
"STATE": "PUBLIC",
"TITLE": "Incorrect Synchronization in polonel/trudesk"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "polonel/trudesk",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1.2.3"
}
]
}
}
]
},
"vendor_name": "polonel"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Incorrect Synchronization in GitHub repository polonel/trudesk prior to 1.2.3."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-821 Incorrect Synchronization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/50c4cb63-65db-41c5-a16d-0560d7131fde",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/50c4cb63-65db-41c5-a16d-0560d7131fde"
},
{
"name": "https://github.com/polonel/trudesk/commit/314540864dbf2c0eaa99aa42c3d317de9501eb67",
"refsource": "MISC",
"url": "https://github.com/polonel/trudesk/commit/314540864dbf2c0eaa99aa42c3d317de9501eb67"
}
]
},
"source": {
"advisory": "50c4cb63-65db-41c5-a16d-0560d7131fde",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1931",
"datePublished": "2022-05-31T01:25:11",
"dateReserved": "2022-05-29T00:00:00",
"dateUpdated": "2024-08-03T00:17:00.934Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1045 (GCVE-0-2022-1045)
Vulnerability from cvelistv5
Published
2022-04-11 06:15
Modified
2024-08-02 23:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Summary
Stored XSS viva .svg file upload in GitHub repository polonel/trudesk prior to v1.2.0.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| polonel | polonel/trudesk |
Version: unspecified < v1.2.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:47:43.328Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/b0c4f992-4ac8-4479-82f4-367ed1a2a826"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/polonel/trudesk/commit/c4b262c2613d4a8865de0b3252112544bd81997a"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "polonel/trudesk",
"vendor": "polonel",
"versions": [
{
"lessThan": "v1.2.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stored XSS viva .svg file upload in GitHub repository polonel/trudesk prior to v1.2.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-11T06:15:20",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/b0c4f992-4ac8-4479-82f4-367ed1a2a826"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/polonel/trudesk/commit/c4b262c2613d4a8865de0b3252112544bd81997a"
}
],
"source": {
"advisory": "b0c4f992-4ac8-4479-82f4-367ed1a2a826",
"discovery": "EXTERNAL"
},
"title": "Stored XSS viva .svg file upload in polonel/trudesk",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1045",
"STATE": "PUBLIC",
"TITLE": "Stored XSS viva .svg file upload in polonel/trudesk"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "polonel/trudesk",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "v1.2.0"
}
]
}
}
]
},
"vendor_name": "polonel"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stored XSS viva .svg file upload in GitHub repository polonel/trudesk prior to v1.2.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-434 Unrestricted Upload of File with Dangerous Type"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/b0c4f992-4ac8-4479-82f4-367ed1a2a826",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/b0c4f992-4ac8-4479-82f4-367ed1a2a826"
},
{
"name": "https://github.com/polonel/trudesk/commit/c4b262c2613d4a8865de0b3252112544bd81997a",
"refsource": "MISC",
"url": "https://github.com/polonel/trudesk/commit/c4b262c2613d4a8865de0b3252112544bd81997a"
}
]
},
"source": {
"advisory": "b0c4f992-4ac8-4479-82f4-367ed1a2a826",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1045",
"datePublished": "2022-04-11T06:15:20",
"dateReserved": "2022-03-22T00:00:00",
"dateUpdated": "2024-08-02T23:47:43.328Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1044 (GCVE-0-2022-1044)
Vulnerability from cvelistv5
Published
2022-05-12 08:10
Modified
2024-08-02 23:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-922 - Insecure Storage of Sensitive Information
Summary
Sensitive Data Exposure Due To Insecure Storage Of Profile Image in GitHub repository polonel/trudesk prior to v1.2.1.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| polonel | polonel/trudesk |
Version: unspecified < v1.2.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:47:43.298Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/ff878be9-563a-4d0e-99c1-fc3c767f6d3e"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/polonel/trudesk/commit/097b4823935c4fa524e71ab2dd107cf2056922b0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "polonel/trudesk",
"vendor": "polonel",
"versions": [
{
"lessThan": "v1.2.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Sensitive Data Exposure Due To Insecure Storage Of Profile Image in GitHub repository polonel/trudesk prior to v1.2.1."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-922",
"description": "CWE-922 Insecure Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-12T08:10:10",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/ff878be9-563a-4d0e-99c1-fc3c767f6d3e"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/polonel/trudesk/commit/097b4823935c4fa524e71ab2dd107cf2056922b0"
}
],
"source": {
"advisory": "ff878be9-563a-4d0e-99c1-fc3c767f6d3e",
"discovery": "EXTERNAL"
},
"title": "Sensitive Data Exposure Due To Insecure Storage Of Profile Image in polonel/trudesk",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1044",
"STATE": "PUBLIC",
"TITLE": "Sensitive Data Exposure Due To Insecure Storage Of Profile Image in polonel/trudesk"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "polonel/trudesk",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "v1.2.1"
}
]
}
}
]
},
"vendor_name": "polonel"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sensitive Data Exposure Due To Insecure Storage Of Profile Image in GitHub repository polonel/trudesk prior to v1.2.1."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-922 Insecure Storage of Sensitive Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/ff878be9-563a-4d0e-99c1-fc3c767f6d3e",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/ff878be9-563a-4d0e-99c1-fc3c767f6d3e"
},
{
"name": "https://github.com/polonel/trudesk/commit/097b4823935c4fa524e71ab2dd107cf2056922b0",
"refsource": "MISC",
"url": "https://github.com/polonel/trudesk/commit/097b4823935c4fa524e71ab2dd107cf2056922b0"
}
]
},
"source": {
"advisory": "ff878be9-563a-4d0e-99c1-fc3c767f6d3e",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1044",
"datePublished": "2022-05-12T08:10:10",
"dateReserved": "2022-03-22T00:00:00",
"dateUpdated": "2024-08-02T23:47:43.298Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1290 (GCVE-0-2022-1290)
Vulnerability from cvelistv5
Published
2022-04-10 15:50
Modified
2024-08-02 23:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Stored XSS in "Name", "Group Name" & "Title" in GitHub repository polonel/trudesk prior to v1.2.0. This allows attackers to execute malicious scripts in the user's browser and it can lead to session hijacking, sensitive data exposure, and worse.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| polonel | polonel/trudesk |
Version: unspecified < v1.2.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:55:24.554Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/da6d03e6-053f-43b6-99a7-78c2e386e3ed"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/polonel/trudesk/commit/4f48b3bb86ba66a0085803591065bb6437e864ec"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "polonel/trudesk",
"vendor": "polonel",
"versions": [
{
"lessThan": "v1.2.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stored XSS in \"Name\", \"Group Name\" \u0026 \"Title\" in GitHub repository polonel/trudesk prior to v1.2.0. This allows attackers to execute malicious scripts in the user\u0027s browser and it can lead to session hijacking, sensitive data exposure, and worse."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-10T15:50:09",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/da6d03e6-053f-43b6-99a7-78c2e386e3ed"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/polonel/trudesk/commit/4f48b3bb86ba66a0085803591065bb6437e864ec"
}
],
"source": {
"advisory": "da6d03e6-053f-43b6-99a7-78c2e386e3ed",
"discovery": "EXTERNAL"
},
"title": "Stored XSS in \"Name\", \"Group Name\" \u0026 \"Title\" in polonel/trudesk",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1290",
"STATE": "PUBLIC",
"TITLE": "Stored XSS in \"Name\", \"Group Name\" \u0026 \"Title\" in polonel/trudesk"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "polonel/trudesk",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "v1.2.0"
}
]
}
}
]
},
"vendor_name": "polonel"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stored XSS in \"Name\", \"Group Name\" \u0026 \"Title\" in GitHub repository polonel/trudesk prior to v1.2.0. This allows attackers to execute malicious scripts in the user\u0027s browser and it can lead to session hijacking, sensitive data exposure, and worse."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/da6d03e6-053f-43b6-99a7-78c2e386e3ed",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/da6d03e6-053f-43b6-99a7-78c2e386e3ed"
},
{
"name": "https://github.com/polonel/trudesk/commit/4f48b3bb86ba66a0085803591065bb6437e864ec",
"refsource": "MISC",
"url": "https://github.com/polonel/trudesk/commit/4f48b3bb86ba66a0085803591065bb6437e864ec"
}
]
},
"source": {
"advisory": "da6d03e6-053f-43b6-99a7-78c2e386e3ed",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1290",
"datePublished": "2022-04-10T15:50:09",
"dateReserved": "2022-04-10T00:00:00",
"dateUpdated": "2024-08-02T23:55:24.554Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2023 (GCVE-0-2022-2023)
Vulnerability from cvelistv5
Published
2022-06-20 04:00
Modified
2024-08-03 00:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-648 - Incorrect Use of Privileged APIs
Summary
Incorrect Use of Privileged APIs in GitHub repository polonel/trudesk prior to 1.2.4.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| polonel | polonel/trudesk |
Version: unspecified < 1.2.4 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:24:44.032Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/0f35b1d3-56e6-49e4-bc5a-830f52e094b3"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/polonel/trudesk/commit/83fd5a89319ba2c2f5934722e39b08aba9b3a4ac"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "polonel/trudesk",
"vendor": "polonel",
"versions": [
{
"lessThan": "1.2.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Incorrect Use of Privileged APIs in GitHub repository polonel/trudesk prior to 1.2.4."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-648",
"description": "CWE-648 Incorrect Use of Privileged APIs",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-20T04:00:19",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/0f35b1d3-56e6-49e4-bc5a-830f52e094b3"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/polonel/trudesk/commit/83fd5a89319ba2c2f5934722e39b08aba9b3a4ac"
}
],
"source": {
"advisory": "0f35b1d3-56e6-49e4-bc5a-830f52e094b3",
"discovery": "EXTERNAL"
},
"title": "Incorrect Use of Privileged APIs in polonel/trudesk",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-2023",
"STATE": "PUBLIC",
"TITLE": "Incorrect Use of Privileged APIs in polonel/trudesk"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "polonel/trudesk",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1.2.4"
}
]
}
}
]
},
"vendor_name": "polonel"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Incorrect Use of Privileged APIs in GitHub repository polonel/trudesk prior to 1.2.4."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-648 Incorrect Use of Privileged APIs"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/0f35b1d3-56e6-49e4-bc5a-830f52e094b3",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/0f35b1d3-56e6-49e4-bc5a-830f52e094b3"
},
{
"name": "https://github.com/polonel/trudesk/commit/83fd5a89319ba2c2f5934722e39b08aba9b3a4ac",
"refsource": "MISC",
"url": "https://github.com/polonel/trudesk/commit/83fd5a89319ba2c2f5934722e39b08aba9b3a4ac"
}
]
},
"source": {
"advisory": "0f35b1d3-56e6-49e4-bc5a-830f52e094b3",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-2023",
"datePublished": "2022-06-20T04:00:19",
"dateReserved": "2022-06-08T00:00:00",
"dateUpdated": "2024-08-03T00:24:44.032Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1754 (GCVE-0-2022-1754)
Vulnerability from cvelistv5
Published
2022-05-20 07:05
Modified
2024-08-03 00:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-190 - Integer Overflow or Wraparound
Summary
Integer Overflow or Wraparound in GitHub repository polonel/trudesk prior to 1.2.2.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| polonel | polonel/trudesk |
Version: unspecified < 1.2.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:16:59.680Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/polonel/trudesk/commit/e836d04d16787c2c9c72e7bf011cf396d1f73c19"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/2f65af7c-a74b-46a6-8847-5db6785f1cf2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "polonel/trudesk",
"vendor": "polonel",
"versions": [
{
"lessThan": "1.2.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Integer Overflow or Wraparound in GitHub repository polonel/trudesk prior to 1.2.2."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190 Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-20T07:05:10",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/polonel/trudesk/commit/e836d04d16787c2c9c72e7bf011cf396d1f73c19"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/2f65af7c-a74b-46a6-8847-5db6785f1cf2"
}
],
"source": {
"advisory": "2f65af7c-a74b-46a6-8847-5db6785f1cf2",
"discovery": "EXTERNAL"
},
"title": "Integer Overflow or Wraparound in polonel/trudesk",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1754",
"STATE": "PUBLIC",
"TITLE": "Integer Overflow or Wraparound in polonel/trudesk"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "polonel/trudesk",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1.2.2"
}
]
}
}
]
},
"vendor_name": "polonel"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer Overflow or Wraparound in GitHub repository polonel/trudesk prior to 1.2.2."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-190 Integer Overflow or Wraparound"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/polonel/trudesk/commit/e836d04d16787c2c9c72e7bf011cf396d1f73c19",
"refsource": "MISC",
"url": "https://github.com/polonel/trudesk/commit/e836d04d16787c2c9c72e7bf011cf396d1f73c19"
},
{
"name": "https://huntr.dev/bounties/2f65af7c-a74b-46a6-8847-5db6785f1cf2",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/2f65af7c-a74b-46a6-8847-5db6785f1cf2"
}
]
},
"source": {
"advisory": "2f65af7c-a74b-46a6-8847-5db6785f1cf2",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1754",
"datePublished": "2022-05-20T07:05:10",
"dateReserved": "2022-05-17T00:00:00",
"dateUpdated": "2024-08-03T00:16:59.680Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1926 (GCVE-0-2022-1926)
Vulnerability from cvelistv5
Published
2022-05-31 08:30
Modified
2024-08-03 00:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-190 - Integer Overflow or Wraparound
Summary
Integer Overflow or Wraparound in GitHub repository polonel/trudesk prior to 1.2.3.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| polonel | polonel/trudesk |
Version: unspecified < 1.2.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:17:00.968Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/3fda8902-68ee-4734-86a3-9551ab17c893"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/polonel/trudesk/commit/b7c15180b6d4e556ad05d0881eb72d8b2f1637a0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "polonel/trudesk",
"vendor": "polonel",
"versions": [
{
"lessThan": "1.2.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Integer Overflow or Wraparound in GitHub repository polonel/trudesk prior to 1.2.3."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190 Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-31T08:30:12",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/3fda8902-68ee-4734-86a3-9551ab17c893"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/polonel/trudesk/commit/b7c15180b6d4e556ad05d0881eb72d8b2f1637a0"
}
],
"source": {
"advisory": "3fda8902-68ee-4734-86a3-9551ab17c893",
"discovery": "EXTERNAL"
},
"title": "Integer Overflow or Wraparound in polonel/trudesk",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1926",
"STATE": "PUBLIC",
"TITLE": "Integer Overflow or Wraparound in polonel/trudesk"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "polonel/trudesk",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1.2.3"
}
]
}
}
]
},
"vendor_name": "polonel"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer Overflow or Wraparound in GitHub repository polonel/trudesk prior to 1.2.3."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-190 Integer Overflow or Wraparound"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/3fda8902-68ee-4734-86a3-9551ab17c893",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/3fda8902-68ee-4734-86a3-9551ab17c893"
},
{
"name": "https://github.com/polonel/trudesk/commit/b7c15180b6d4e556ad05d0881eb72d8b2f1637a0",
"refsource": "MISC",
"url": "https://github.com/polonel/trudesk/commit/b7c15180b6d4e556ad05d0881eb72d8b2f1637a0"
}
]
},
"source": {
"advisory": "3fda8902-68ee-4734-86a3-9551ab17c893",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1926",
"datePublished": "2022-05-31T08:30:12",
"dateReserved": "2022-05-28T00:00:00",
"dateUpdated": "2024-08-03T00:17:00.968Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1752 (GCVE-0-2022-1752)
Vulnerability from cvelistv5
Published
2022-05-21 02:50
Modified
2024-08-03 00:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Summary
Unrestricted Upload of File with Dangerous Type in GitHub repository polonel/trudesk prior to 1.2.2.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| polonel | polonel/trudesk |
Version: unspecified < 1.2.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:16:59.901Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/66e9bfa9-598f-49ab-a472-752911df3f2d"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/polonel/trudesk/commit/d107f12e71c0fe1e7ac0fdc7463f59c4965a42cd"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "polonel/trudesk",
"vendor": "polonel",
"versions": [
{
"lessThan": "1.2.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unrestricted Upload of File with Dangerous Type in GitHub repository polonel/trudesk prior to 1.2.2."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-21T02:50:09",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/66e9bfa9-598f-49ab-a472-752911df3f2d"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/polonel/trudesk/commit/d107f12e71c0fe1e7ac0fdc7463f59c4965a42cd"
}
],
"source": {
"advisory": "66e9bfa9-598f-49ab-a472-752911df3f2d",
"discovery": "EXTERNAL"
},
"title": "Unrestricted Upload of File with Dangerous Type in polonel/trudesk",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1752",
"STATE": "PUBLIC",
"TITLE": "Unrestricted Upload of File with Dangerous Type in polonel/trudesk"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "polonel/trudesk",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1.2.2"
}
]
}
}
]
},
"vendor_name": "polonel"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unrestricted Upload of File with Dangerous Type in GitHub repository polonel/trudesk prior to 1.2.2."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-434 Unrestricted Upload of File with Dangerous Type"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/66e9bfa9-598f-49ab-a472-752911df3f2d",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/66e9bfa9-598f-49ab-a472-752911df3f2d"
},
{
"name": "https://github.com/polonel/trudesk/commit/d107f12e71c0fe1e7ac0fdc7463f59c4965a42cd",
"refsource": "MISC",
"url": "https://github.com/polonel/trudesk/commit/d107f12e71c0fe1e7ac0fdc7463f59c4965a42cd"
}
]
},
"source": {
"advisory": "66e9bfa9-598f-49ab-a472-752911df3f2d",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1752",
"datePublished": "2022-05-21T02:50:09",
"dateReserved": "2022-05-17T00:00:00",
"dateUpdated": "2024-08-03T00:16:59.901Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1947 (GCVE-0-2022-1947)
Vulnerability from cvelistv5
Published
2022-05-31 22:20
Modified
2024-08-03 00:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-480 - Use of Incorrect Operator
Summary
Use of Incorrect Operator in GitHub repository polonel/trudesk prior to 1.2.3.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| polonel | polonel/trudesk |
Version: unspecified < 1.2.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:24:42.637Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/cb4d0ab3-51ba-4a42-9e38-ac0e544266f1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/polonel/trudesk/commit/a9e38f25c2af2722dee4fdafb2fb70d30d5106c5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "polonel/trudesk",
"vendor": "polonel",
"versions": [
{
"lessThan": "1.2.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use of Incorrect Operator in GitHub repository polonel/trudesk prior to 1.2.3."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-480",
"description": "CWE-480 Use of Incorrect Operator",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-31T22:20:11",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/cb4d0ab3-51ba-4a42-9e38-ac0e544266f1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/polonel/trudesk/commit/a9e38f25c2af2722dee4fdafb2fb70d30d5106c5"
}
],
"source": {
"advisory": "cb4d0ab3-51ba-4a42-9e38-ac0e544266f1",
"discovery": "EXTERNAL"
},
"title": "Use of Incorrect Operator in polonel/trudesk",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1947",
"STATE": "PUBLIC",
"TITLE": "Use of Incorrect Operator in polonel/trudesk"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "polonel/trudesk",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1.2.3"
}
]
}
}
]
},
"vendor_name": "polonel"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use of Incorrect Operator in GitHub repository polonel/trudesk prior to 1.2.3."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-480 Use of Incorrect Operator"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/cb4d0ab3-51ba-4a42-9e38-ac0e544266f1",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/cb4d0ab3-51ba-4a42-9e38-ac0e544266f1"
},
{
"name": "https://github.com/polonel/trudesk/commit/a9e38f25c2af2722dee4fdafb2fb70d30d5106c5",
"refsource": "MISC",
"url": "https://github.com/polonel/trudesk/commit/a9e38f25c2af2722dee4fdafb2fb70d30d5106c5"
}
]
},
"source": {
"advisory": "cb4d0ab3-51ba-4a42-9e38-ac0e544266f1",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1947",
"datePublished": "2022-05-31T22:20:11",
"dateReserved": "2022-05-30T00:00:00",
"dateUpdated": "2024-08-03T00:24:42.637Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2022-06-20 04:15
Modified
2024-11-21 07:00
Severity ?
Summary
Incorrect Use of Privileged APIs in GitHub repository polonel/trudesk prior to 1.2.4.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@huntr.dev | https://github.com/polonel/trudesk/commit/83fd5a89319ba2c2f5934722e39b08aba9b3a4ac | Patch, Third Party Advisory | |
| security@huntr.dev | https://huntr.dev/bounties/0f35b1d3-56e6-49e4-bc5a-830f52e094b3 | Exploit, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/polonel/trudesk/commit/83fd5a89319ba2c2f5934722e39b08aba9b3a4ac | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/0f35b1d3-56e6-49e4-bc5a-830f52e094b3 | Exploit, Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trudesk_project | trudesk | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trudesk_project:trudesk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5B059E3C-427E-4142-88A1-E5BC70BE26FE",
"versionEndExcluding": "1.2.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Incorrect Use of Privileged APIs in GitHub repository polonel/trudesk prior to 1.2.4."
},
{
"lang": "es",
"value": "Un Uso Incorrecto de APIs Privilegiados en el repositorio de GitHub polonel/trudesk versiones anteriores a 1.2.4"
}
],
"id": "CVE-2022-2023",
"lastModified": "2024-11-21T07:00:11.423",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.0,
"source": "security@huntr.dev",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-20T04:15:09.973",
"references": [
{
"source": "security@huntr.dev",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/polonel/trudesk/commit/83fd5a89319ba2c2f5934722e39b08aba9b3a4ac"
},
{
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/0f35b1d3-56e6-49e4-bc5a-830f52e094b3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/polonel/trudesk/commit/83fd5a89319ba2c2f5934722e39b08aba9b3a4ac"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/0f35b1d3-56e6-49e4-bc5a-830f52e094b3"
}
],
"sourceIdentifier": "security@huntr.dev",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-648"
}
],
"source": "security@huntr.dev",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-05-20 23:15
Modified
2024-11-21 06:41
Severity ?
Summary
Weak Password Requirements in GitHub repository polonel/trudesk prior to 1.2.2.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@huntr.dev | https://github.com/polonel/trudesk/commit/13dd6c61fc85fa773b4065f075fceda563129c53 | Patch, Third Party Advisory | |
| security@huntr.dev | https://huntr.dev/bounties/0966043c-602f-463e-a6e5-9a1745f4fbfa | Exploit, Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/polonel/trudesk/commit/13dd6c61fc85fa773b4065f075fceda563129c53 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/0966043c-602f-463e-a6e5-9a1745f4fbfa | Exploit, Issue Tracking, Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trudesk_project | trudesk | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trudesk_project:trudesk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "129D9FED-E43F-47B1-8FB3-012D00E93181",
"versionEndExcluding": "1.2.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Weak Password Requirements in GitHub repository polonel/trudesk prior to 1.2.2."
},
{
"lang": "es",
"value": "Unos Requisitos de Contrase\u00f1a D\u00e9bil en el repositorio de GitHub polonel/trudesk versiones anteriores a 1.2.2"
}
],
"id": "CVE-2022-1775",
"lastModified": "2024-11-21T06:41:26.520",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.7,
"impactScore": 6.0,
"source": "security@huntr.dev",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-05-20T23:15:44.173",
"references": [
{
"source": "security@huntr.dev",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/polonel/trudesk/commit/13dd6c61fc85fa773b4065f075fceda563129c53"
},
{
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/0966043c-602f-463e-a6e5-9a1745f4fbfa"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/polonel/trudesk/commit/13dd6c61fc85fa773b4065f075fceda563129c53"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/0966043c-602f-463e-a6e5-9a1745f4fbfa"
}
],
"sourceIdentifier": "security@huntr.dev",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-521"
}
],
"source": "security@huntr.dev",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-521"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-05-31 02:15
Modified
2024-11-21 06:41
Severity ?
Summary
Incorrect Synchronization in GitHub repository polonel/trudesk prior to 1.2.3.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@huntr.dev | https://github.com/polonel/trudesk/commit/314540864dbf2c0eaa99aa42c3d317de9501eb67 | Patch, Third Party Advisory | |
| security@huntr.dev | https://huntr.dev/bounties/50c4cb63-65db-41c5-a16d-0560d7131fde | Exploit, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/polonel/trudesk/commit/314540864dbf2c0eaa99aa42c3d317de9501eb67 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/50c4cb63-65db-41c5-a16d-0560d7131fde | Exploit, Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trudesk_project | trudesk | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trudesk_project:trudesk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D498F5B4-C37B-4226-A1FF-580B69B2AB0E",
"versionEndExcluding": "1.2.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Incorrect Synchronization in GitHub repository polonel/trudesk prior to 1.2.3."
},
{
"lang": "es",
"value": "Una Sincronizaci\u00f3n Incorrecta en el repositorio de GitHub polonel/trudesk versiones anteriores a 1.2.3"
}
],
"id": "CVE-2022-1931",
"lastModified": "2024-11-21T06:41:46.687",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0,
"source": "security@huntr.dev",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-05-31T02:15:07.303",
"references": [
{
"source": "security@huntr.dev",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/polonel/trudesk/commit/314540864dbf2c0eaa99aa42c3d317de9501eb67"
},
{
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/50c4cb63-65db-41c5-a16d-0560d7131fde"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/polonel/trudesk/commit/314540864dbf2c0eaa99aa42c3d317de9501eb67"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/50c4cb63-65db-41c5-a16d-0560d7131fde"
}
],
"sourceIdentifier": "security@huntr.dev",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-821"
}
],
"source": "security@huntr.dev",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-662"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-09-29 03:15
Modified
2024-11-21 06:41
Severity ?
Summary
The trudesk application allows large characters to insert in the input field "Full Name" on the signup field which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request in GitHub repository polonel/trudesk prior to 1.2.2. This can lead to Denial of service.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@huntr.dev | https://github.com/polonel/trudesk/commit/87e231e04495fb705fe1e03cb56fc4136bafe895 | Patch, Third Party Advisory | |
| security@huntr.dev | https://huntr.dev/bounties/1ff8afe4-6ff7-45aa-a652-d8aac7e5be7e | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/polonel/trudesk/commit/87e231e04495fb705fe1e03cb56fc4136bafe895 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/1ff8afe4-6ff7-45aa-a652-d8aac7e5be7e | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trudesk_project | trudesk | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trudesk_project:trudesk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "129D9FED-E43F-47B1-8FB3-012D00E93181",
"versionEndExcluding": "1.2.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The trudesk application allows large characters to insert in the input field \"Full Name\" on the signup field which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request in GitHub repository polonel/trudesk prior to 1.2.2. This can lead to Denial of service."
},
{
"lang": "es",
"value": "La aplicaci\u00f3n trudesk permite insertar caracteres grandes en el campo de entrada \"Full Name\" en el campo de registro, lo que puede permitir a atacantes causar una Denegaci\u00f3n de Servicio (DoS) por medio de una petici\u00f3n HTTP dise\u00f1ada en el repositorio de GitHub polonel/trudesk versiones anteriores a 1.2.2. Esto puede conllevar a una denegaci\u00f3n de servicio"
}
],
"id": "CVE-2022-1718",
"lastModified": "2024-11-21T06:41:19.010",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 0.6,
"impactScore": 6.0,
"source": "security@huntr.dev",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-09-29T03:15:15.083",
"references": [
{
"source": "security@huntr.dev",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/polonel/trudesk/commit/87e231e04495fb705fe1e03cb56fc4136bafe895"
},
{
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/1ff8afe4-6ff7-45aa-a652-d8aac7e5be7e"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/polonel/trudesk/commit/87e231e04495fb705fe1e03cb56fc4136bafe895"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/1ff8afe4-6ff7-45aa-a652-d8aac7e5be7e"
}
],
"sourceIdentifier": "security@huntr.dev",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "security@huntr.dev",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-05-31 22:15
Modified
2024-11-21 06:41
Severity ?
4.6 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository polonel/trudesk prior to 1.2.3.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@huntr.dev | https://github.com/polonel/trudesk/commit/ae904d37eaa38bffebfbfe8e949c0385c63e3263 | Patch, Third Party Advisory | |
| security@huntr.dev | https://huntr.dev/bounties/a1cfe61b-5248-4a73-9a80-0b764edc9b26 | Exploit, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/polonel/trudesk/commit/ae904d37eaa38bffebfbfe8e949c0385c63e3263 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/a1cfe61b-5248-4a73-9a80-0b764edc9b26 | Exploit, Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trudesk_project | trudesk | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trudesk_project:trudesk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D498F5B4-C37B-4226-A1FF-580B69B2AB0E",
"versionEndExcluding": "1.2.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository polonel/trudesk prior to 1.2.3."
},
{
"lang": "es",
"value": "Una Exposici\u00f3n de Informaci\u00f3n Sensible a un Actor no Autorizado en el repositorio de GitHub polonel/trudesk versiones anteriores a 1.2.3"
}
],
"id": "CVE-2022-1893",
"lastModified": "2024-11-21T06:41:41.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 2.5,
"source": "security@huntr.dev",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-05-31T22:15:08.710",
"references": [
{
"source": "security@huntr.dev",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/polonel/trudesk/commit/ae904d37eaa38bffebfbfe8e949c0385c63e3263"
},
{
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/a1cfe61b-5248-4a73-9a80-0b764edc9b26"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/polonel/trudesk/commit/ae904d37eaa38bffebfbfe8e949c0385c63e3263"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/a1cfe61b-5248-4a73-9a80-0b764edc9b26"
}
],
"sourceIdentifier": "security@huntr.dev",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-212"
}
],
"source": "security@huntr.dev",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-212"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-05-31 09:15
Modified
2024-11-21 06:41
Severity ?
Summary
Integer Overflow or Wraparound in GitHub repository polonel/trudesk prior to 1.2.3.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@huntr.dev | https://github.com/polonel/trudesk/commit/b7c15180b6d4e556ad05d0881eb72d8b2f1637a0 | Patch, Third Party Advisory | |
| security@huntr.dev | https://huntr.dev/bounties/3fda8902-68ee-4734-86a3-9551ab17c893 | Exploit, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/polonel/trudesk/commit/b7c15180b6d4e556ad05d0881eb72d8b2f1637a0 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/3fda8902-68ee-4734-86a3-9551ab17c893 | Exploit, Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trudesk_project | trudesk | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trudesk_project:trudesk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D498F5B4-C37B-4226-A1FF-580B69B2AB0E",
"versionEndExcluding": "1.2.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Integer Overflow or Wraparound in GitHub repository polonel/trudesk prior to 1.2.3."
},
{
"lang": "es",
"value": "Un Desbordamiento de enteros o Wraparound en el repositorio de GitHub polonel/trudesk versiones anteriores a 1.2.3"
}
],
"id": "CVE-2022-1926",
"lastModified": "2024-11-21T06:41:45.990",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.0,
"impactScore": 6.0,
"source": "security@huntr.dev",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-05-31T09:15:07.983",
"references": [
{
"source": "security@huntr.dev",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/polonel/trudesk/commit/b7c15180b6d4e556ad05d0881eb72d8b2f1637a0"
},
{
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/3fda8902-68ee-4734-86a3-9551ab17c893"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/polonel/trudesk/commit/b7c15180b6d4e556ad05d0881eb72d8b2f1637a0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/3fda8902-68ee-4734-86a3-9551ab17c893"
}
],
"sourceIdentifier": "security@huntr.dev",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "security@huntr.dev",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-05-20 22:16
Modified
2024-11-21 06:41
Severity ?
Summary
Improper Restriction of Rendered UI Layers or Frames in GitHub repository polonel/trudesk prior to 1.2.2.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@huntr.dev | https://github.com/polonel/trudesk/commit/6ea9db7a5cf300e3cbf0eab7e1d6da1155a2f7f8 | Patch, Third Party Advisory | |
| security@huntr.dev | https://huntr.dev/bounties/47cc6621-2474-40f9-ab68-3cf62389a124 | Exploit, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/polonel/trudesk/commit/6ea9db7a5cf300e3cbf0eab7e1d6da1155a2f7f8 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/47cc6621-2474-40f9-ab68-3cf62389a124 | Exploit, Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trudesk_project | trudesk | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trudesk_project:trudesk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "129D9FED-E43F-47B1-8FB3-012D00E93181",
"versionEndExcluding": "1.2.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Restriction of Rendered UI Layers or Frames in GitHub repository polonel/trudesk prior to 1.2.2."
},
{
"lang": "es",
"value": "Una Restricci\u00f3n Inapropiada de Capas o Marcos de Interfaz de Usuario Renderizados en el repositorio de GitHub polonel/trudesk versiones anteriores a 1.2.2"
}
],
"id": "CVE-2022-1803",
"lastModified": "2024-11-21T06:41:30.260",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.9,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.7,
"impactScore": 6.0,
"source": "security@huntr.dev",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:L/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 4.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-05-20T22:16:40.427",
"references": [
{
"source": "security@huntr.dev",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/polonel/trudesk/commit/6ea9db7a5cf300e3cbf0eab7e1d6da1155a2f7f8"
},
{
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/47cc6621-2474-40f9-ab68-3cf62389a124"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/polonel/trudesk/commit/6ea9db7a5cf300e3cbf0eab7e1d6da1155a2f7f8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/47cc6621-2474-40f9-ab68-3cf62389a124"
}
],
"sourceIdentifier": "security@huntr.dev",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-1021"
}
],
"source": "security@huntr.dev",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-1021"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-05-31 23:15
Modified
2024-11-21 06:41
Severity ?
Summary
Use of Incorrect Operator in GitHub repository polonel/trudesk prior to 1.2.3.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@huntr.dev | https://github.com/polonel/trudesk/commit/a9e38f25c2af2722dee4fdafb2fb70d30d5106c5 | Patch, Third Party Advisory | |
| security@huntr.dev | https://huntr.dev/bounties/cb4d0ab3-51ba-4a42-9e38-ac0e544266f1 | Exploit, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/polonel/trudesk/commit/a9e38f25c2af2722dee4fdafb2fb70d30d5106c5 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/cb4d0ab3-51ba-4a42-9e38-ac0e544266f1 | Exploit, Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trudesk_project | trudesk | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trudesk_project:trudesk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D498F5B4-C37B-4226-A1FF-580B69B2AB0E",
"versionEndExcluding": "1.2.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Use of Incorrect Operator in GitHub repository polonel/trudesk prior to 1.2.3."
},
{
"lang": "es",
"value": "Un uso de un Operador Incorrecto en el repositorio de GitHub polonel/trudesk versiones anteriores a 1.2.3"
}
],
"id": "CVE-2022-1947",
"lastModified": "2024-11-21T06:41:48.800",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0,
"source": "security@huntr.dev",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-05-31T23:15:07.833",
"references": [
{
"source": "security@huntr.dev",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/polonel/trudesk/commit/a9e38f25c2af2722dee4fdafb2fb70d30d5106c5"
},
{
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/cb4d0ab3-51ba-4a42-9e38-ac0e544266f1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/polonel/trudesk/commit/a9e38f25c2af2722dee4fdafb2fb70d30d5106c5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/cb4d0ab3-51ba-4a42-9e38-ac0e544266f1"
}
],
"sourceIdentifier": "security@huntr.dev",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-480"
}
],
"source": "security@huntr.dev",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-05-20 18:15
Modified
2024-11-21 06:41
Severity ?
Summary
Improper Privilege Management in GitHub repository polonel/trudesk prior to 1.2.2.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@huntr.dev | https://github.com/polonel/trudesk/commit/889876f66c9a5b28f019258e329310c31d72cbd2 | Patch, Third Party Advisory | |
| security@huntr.dev | https://huntr.dev/bounties/74a252a2-8bf6-4f88-a180-b90338a239fa | Exploit, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/polonel/trudesk/commit/889876f66c9a5b28f019258e329310c31d72cbd2 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/74a252a2-8bf6-4f88-a180-b90338a239fa | Exploit, Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trudesk_project | trudesk | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trudesk_project:trudesk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "129D9FED-E43F-47B1-8FB3-012D00E93181",
"versionEndExcluding": "1.2.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Privilege Management in GitHub repository polonel/trudesk prior to 1.2.2."
},
{
"lang": "es",
"value": "Una Administraci\u00f3n Inadecuada de Privilegios en el repositorio de GitHub polonel/trudesk versiones anteriores a 1.2.2"
}
],
"id": "CVE-2022-1770",
"lastModified": "2024-11-21T06:41:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.1,
"impactScore": 6.0,
"source": "security@huntr.dev",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-05-20T18:15:07.947",
"references": [
{
"source": "security@huntr.dev",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/polonel/trudesk/commit/889876f66c9a5b28f019258e329310c31d72cbd2"
},
{
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/74a252a2-8bf6-4f88-a180-b90338a239fa"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/polonel/trudesk/commit/889876f66c9a5b28f019258e329310c31d72cbd2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/74a252a2-8bf6-4f88-a180-b90338a239fa"
}
],
"sourceIdentifier": "security@huntr.dev",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "security@huntr.dev",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-05-12 08:15
Modified
2024-11-21 06:39
Severity ?
Summary
Sensitive Data Exposure Due To Insecure Storage Of Profile Image in GitHub repository polonel/trudesk prior to v1.2.1.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@huntr.dev | https://github.com/polonel/trudesk/commit/097b4823935c4fa524e71ab2dd107cf2056922b0 | Patch, Third Party Advisory | |
| security@huntr.dev | https://huntr.dev/bounties/ff878be9-563a-4d0e-99c1-fc3c767f6d3e | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/polonel/trudesk/commit/097b4823935c4fa524e71ab2dd107cf2056922b0 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/ff878be9-563a-4d0e-99c1-fc3c767f6d3e | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trudesk_project | trudesk | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trudesk_project:trudesk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5EBF100C-E862-4DEF-B671-D835208E9C4E",
"versionEndExcluding": "1.2.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Sensitive Data Exposure Due To Insecure Storage Of Profile Image in GitHub repository polonel/trudesk prior to v1.2.1."
},
{
"lang": "es",
"value": "Una Exposici\u00f3n de datos Confidenciales debido al Almacenamiento no Seguro de la Imagen del Perfil en el repositorio de GitHub polonel/trudesk versiones anteriores a v1.2.1"
}
],
"id": "CVE-2022-1044",
"lastModified": "2024-11-21T06:39:55.277",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 5.3,
"source": "security@huntr.dev",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-05-12T08:15:07.277",
"references": [
{
"source": "security@huntr.dev",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/polonel/trudesk/commit/097b4823935c4fa524e71ab2dd107cf2056922b0"
},
{
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/ff878be9-563a-4d0e-99c1-fc3c767f6d3e"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/polonel/trudesk/commit/097b4823935c4fa524e71ab2dd107cf2056922b0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/ff878be9-563a-4d0e-99c1-fc3c767f6d3e"
}
],
"sourceIdentifier": "security@huntr.dev",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-922"
}
],
"source": "security@huntr.dev",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-922"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-09-29 03:15
Modified
2024-11-21 06:41
Severity ?
Summary
Reflected XSS on ticket filter function in GitHub repository polonel/trudesk prior to 1.2.2. This vulnerability is capable of executing a malicious javascript code in web page
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@huntr.dev | https://github.com/polonel/trudesk/commit/36a542abbbb74828338ce402d65653ac58db42e0 | Patch, Third Party Advisory | |
| security@huntr.dev | https://huntr.dev/bounties/790ba3fd-41e9-4393-8e2f-71161b56279b | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/polonel/trudesk/commit/36a542abbbb74828338ce402d65653ac58db42e0 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/790ba3fd-41e9-4393-8e2f-71161b56279b | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trudesk_project | trudesk | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trudesk_project:trudesk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "129D9FED-E43F-47B1-8FB3-012D00E93181",
"versionEndExcluding": "1.2.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Reflected XSS on ticket filter function in GitHub repository polonel/trudesk prior to 1.2.2. This vulnerability is capable of executing a malicious javascript code in web page"
},
{
"lang": "es",
"value": "Un ataque de tipo XSS reflejado en la funci\u00f3n ticket filter en el repositorio de GitHub polonel/trudesk versiones anteriores a 1.2.2. Esta vulnerabilidad es capaz de ejecutar un c\u00f3digo javascript malicioso en la p\u00e1gina web"
}
],
"id": "CVE-2022-1719",
"lastModified": "2024-11-21T06:41:19.147",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"exploitabilityScore": 2.1,
"impactScore": 3.4,
"source": "security@huntr.dev",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-09-29T03:15:15.190",
"references": [
{
"source": "security@huntr.dev",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/polonel/trudesk/commit/36a542abbbb74828338ce402d65653ac58db42e0"
},
{
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/790ba3fd-41e9-4393-8e2f-71161b56279b"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/polonel/trudesk/commit/36a542abbbb74828338ce402d65653ac58db42e0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/790ba3fd-41e9-4393-8e2f-71161b56279b"
}
],
"sourceIdentifier": "security@huntr.dev",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security@huntr.dev",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-03-29 15:15
Modified
2025-02-18 17:15
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
Trudesk v1.2.6 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Add Tags parameter under the Create Ticket function.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/bypazs/CVE-2023-26982 | Exploit, Third Party Advisory | |
| cve@mitre.org | https://github.com/polonel/trudesk/releases/tag/v1.2.6 | Release Notes | |
| cve@mitre.org | https://trudesk.io/ | Product | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/bypazs/CVE-2023-26982 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/polonel/trudesk/releases/tag/v1.2.6 | Release Notes | |
| af854a3a-2127-422b-91ae-364da2661108 | https://trudesk.io/ | Product |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trudesk_project | trudesk | 1.2.6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trudesk_project:trudesk:1.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "304A2CB7-5AD2-497B-A322-C6B153EF5441",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Trudesk v1.2.6 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Add Tags parameter under the Create Ticket function."
}
],
"id": "CVE-2023-26982",
"lastModified": "2025-02-18T17:15:16.650",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-03-29T15:15:07.667",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/bypazs/CVE-2023-26982"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://github.com/polonel/trudesk/releases/tag/v1.2.6"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://trudesk.io/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/bypazs/CVE-2023-26982"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://github.com/polonel/trudesk/releases/tag/v1.2.6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://trudesk.io/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-05-31 22:15
Modified
2024-11-21 06:41
Severity ?
Summary
Execution with Unnecessary Privileges in GitHub repository polonel/trudesk prior to 1.2.3.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@huntr.dev | https://github.com/polonel/trudesk/commit/f739eac6fc52adc0cba83a49034100e5b99ac7c8 | Patch, Third Party Advisory | |
| security@huntr.dev | https://huntr.dev/bounties/9-polonel/trudesk | Exploit, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/polonel/trudesk/commit/f739eac6fc52adc0cba83a49034100e5b99ac7c8 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/9-polonel/trudesk | Exploit, Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trudesk_project | trudesk | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trudesk_project:trudesk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D498F5B4-C37B-4226-A1FF-580B69B2AB0E",
"versionEndExcluding": "1.2.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Execution with Unnecessary Privileges in GitHub repository polonel/trudesk prior to 1.2.3."
},
{
"lang": "es",
"value": "Una Ejecuci\u00f3n con Privilegios no Necesarios en el repositorio de GitHub polonel/trudesk versiones anteriores a 1.2.3"
}
],
"id": "CVE-2022-1808",
"lastModified": "2024-11-21T06:41:30.787",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "security@huntr.dev",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-05-31T22:15:08.640",
"references": [
{
"source": "security@huntr.dev",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/polonel/trudesk/commit/f739eac6fc52adc0cba83a49034100e5b99ac7c8"
},
{
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/9-polonel/trudesk"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/polonel/trudesk/commit/f739eac6fc52adc0cba83a49034100e5b99ac7c8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/9-polonel/trudesk"
}
],
"sourceIdentifier": "security@huntr.dev",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-250"
}
],
"source": "security@huntr.dev",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-05-21 03:15
Modified
2024-11-21 06:41
Severity ?
Summary
Unrestricted Upload of File with Dangerous Type in GitHub repository polonel/trudesk prior to 1.2.2.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@huntr.dev | https://github.com/polonel/trudesk/commit/d107f12e71c0fe1e7ac0fdc7463f59c4965a42cd | Patch, Third Party Advisory | |
| security@huntr.dev | https://huntr.dev/bounties/66e9bfa9-598f-49ab-a472-752911df3f2d | Exploit, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/polonel/trudesk/commit/d107f12e71c0fe1e7ac0fdc7463f59c4965a42cd | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/66e9bfa9-598f-49ab-a472-752911df3f2d | Exploit, Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trudesk_project | trudesk | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trudesk_project:trudesk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "129D9FED-E43F-47B1-8FB3-012D00E93181",
"versionEndExcluding": "1.2.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unrestricted Upload of File with Dangerous Type in GitHub repository polonel/trudesk prior to 1.2.2."
},
{
"lang": "es",
"value": "Una Subida sin Restricciones de Archivos de Tipo Peligroso en el repositorio GitHub polonel/trudesk versiones anteriores a 1.2.2"
}
],
"id": "CVE-2022-1752",
"lastModified": "2024-11-21T06:41:23.457",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0,
"source": "security@huntr.dev",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-05-21T03:15:51.087",
"references": [
{
"source": "security@huntr.dev",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/polonel/trudesk/commit/d107f12e71c0fe1e7ac0fdc7463f59c4965a42cd"
},
{
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/66e9bfa9-598f-49ab-a472-752911df3f2d"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/polonel/trudesk/commit/d107f12e71c0fe1e7ac0fdc7463f59c4965a42cd"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/66e9bfa9-598f-49ab-a472-752911df3f2d"
}
],
"sourceIdentifier": "security@huntr.dev",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "security@huntr.dev",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-05-16 15:15
Modified
2024-11-21 06:41
Severity ?
Summary
Allowing long password leads to denial of service in polonel/trudesk in GitHub repository polonel/trudesk prior to 1.2.2. This vulnerability can be abused by doing a DDoS attack for which genuine users will not able to access resources/applications.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@huntr.dev | https://github.com/polonel/trudesk/commit/e836d04d16787c2c9c72e7bf011cf396d1f73c19 | Patch, Third Party Advisory | |
| security@huntr.dev | https://huntr.dev/bounties/3c6cb129-6995-4722-81b5-af052572b519 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/polonel/trudesk/commit/e836d04d16787c2c9c72e7bf011cf396d1f73c19 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/3c6cb129-6995-4722-81b5-af052572b519 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trudesk_project | trudesk | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trudesk_project:trudesk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "129D9FED-E43F-47B1-8FB3-012D00E93181",
"versionEndExcluding": "1.2.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Allowing long password leads to denial of service in polonel/trudesk in GitHub repository polonel/trudesk prior to 1.2.2. This vulnerability can be abused by doing a DDoS attack for which genuine users will not able to access resources/applications."
},
{
"lang": "es",
"value": "Permitiendo una contrase\u00f1a larga conlleva a una denegaci\u00f3n de servicio en polonel/trudesk en el repositorio de GitHub polonel/trudesk versiones anteriores a 1.2.2. Esta vulnerabilidad puede ser abusada al hacer un ataque DDoS por el cual usuarios genuinos no podr\u00e1n acceder a los recursos/aplicaciones"
}
],
"id": "CVE-2022-1728",
"lastModified": "2024-11-21T06:41:20.393",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.0,
"impactScore": 6.0,
"source": "security@huntr.dev",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-05-16T15:15:10.423",
"references": [
{
"source": "security@huntr.dev",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/polonel/trudesk/commit/e836d04d16787c2c9c72e7bf011cf396d1f73c19"
},
{
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/3c6cb129-6995-4722-81b5-af052572b519"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/polonel/trudesk/commit/e836d04d16787c2c9c72e7bf011cf396d1f73c19"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/3c6cb129-6995-4722-81b5-af052572b519"
}
],
"sourceIdentifier": "security@huntr.dev",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "security@huntr.dev",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-06-20 17:15
Modified
2024-11-21 07:00
Severity ?
Summary
Unrestricted Upload of File with Dangerous Type in GitHub repository polonel/trudesk prior to 1.2.4.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@huntr.dev | https://github.com/polonel/trudesk/commit/fb2ef82b0a39d0a560a261e07c3c73ba25332ecb | Patch, Third Party Advisory | |
| security@huntr.dev | https://huntr.dev/bounties/ec40ec76-c7db-4384-a33b-024f3dd21d75 | Exploit, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/polonel/trudesk/commit/fb2ef82b0a39d0a560a261e07c3c73ba25332ecb | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/ec40ec76-c7db-4384-a33b-024f3dd21d75 | Exploit, Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trudesk_project | trudesk | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trudesk_project:trudesk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5B059E3C-427E-4142-88A1-E5BC70BE26FE",
"versionEndExcluding": "1.2.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unrestricted Upload of File with Dangerous Type in GitHub repository polonel/trudesk prior to 1.2.4."
},
{
"lang": "es",
"value": "Una Carga no Restringida de Archivos de Tipo Peligroso en el repositorio de GitHub polonel/trudesk versiones anteriores a 1.2.4"
}
],
"id": "CVE-2022-2128",
"lastModified": "2024-11-21T07:00:22.463",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 6.0,
"source": "security@huntr.dev",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-20T17:15:08.713",
"references": [
{
"source": "security@huntr.dev",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/polonel/trudesk/commit/fb2ef82b0a39d0a560a261e07c3c73ba25332ecb"
},
{
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/ec40ec76-c7db-4384-a33b-024f3dd21d75"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/polonel/trudesk/commit/fb2ef82b0a39d0a560a261e07c3c73ba25332ecb"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/ec40ec76-c7db-4384-a33b-024f3dd21d75"
}
],
"sourceIdentifier": "security@huntr.dev",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "security@huntr.dev",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-04-11 07:15
Modified
2024-11-21 06:39
Severity ?
Summary
Stored XSS viva .svg file upload in GitHub repository polonel/trudesk prior to v1.2.0.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@huntr.dev | https://github.com/polonel/trudesk/commit/c4b262c2613d4a8865de0b3252112544bd81997a | Patch, Third Party Advisory | |
| security@huntr.dev | https://huntr.dev/bounties/b0c4f992-4ac8-4479-82f4-367ed1a2a826 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/polonel/trudesk/commit/c4b262c2613d4a8865de0b3252112544bd81997a | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/b0c4f992-4ac8-4479-82f4-367ed1a2a826 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trudesk_project | trudesk | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trudesk_project:trudesk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "485D4AC2-2B88-49BA-B298-AB78A027FCE8",
"versionEndExcluding": "1.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stored XSS viva .svg file upload in GitHub repository polonel/trudesk prior to v1.2.0."
},
{
"lang": "es",
"value": "Una vulnerabilidad de tipo XSS almacenado por medio de una carga de archivos .svg en el repositorio de GitHub polonel/trudesk versiones anteriores a v1.2.0"
}
],
"id": "CVE-2022-1045",
"lastModified": "2024-11-21T06:39:55.410",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0,
"source": "security@huntr.dev",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-04-11T07:15:08.220",
"references": [
{
"source": "security@huntr.dev",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/polonel/trudesk/commit/c4b262c2613d4a8865de0b3252112544bd81997a"
},
{
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/b0c4f992-4ac8-4479-82f4-367ed1a2a826"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/polonel/trudesk/commit/c4b262c2613d4a8865de0b3252112544bd81997a"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/b0c4f992-4ac8-4479-82f4-367ed1a2a826"
}
],
"sourceIdentifier": "security@huntr.dev",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "security@huntr.dev",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-06-24 19:15
Modified
2024-11-21 06:33
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Summary
TruDesk Help Desk/Ticketing Solution v1.1.11 is vulnerable to a Cross-Site Request Forgery (CSRF) attack which would allow an attacker to restart the server, causing a DoS attack. The attacker must craft a webpage that would perform a GET request to the /api/v1/admin/restart endpoint, then the victim (who has sufficient privileges), would visit the page and the server restart would begin. The attacker must know the full URL that TruDesk is on in order to craft the webpage.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://1d8.github.io/cves/cve_2021_45785/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://1d8.github.io/cves/cve_2021_45785/ | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trudesk_project | trudesk | 1.1.11 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trudesk_project:trudesk:1.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "B4C2D13A-912B-437C-BFA5-573732BD4A44",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TruDesk Help Desk/Ticketing Solution v1.1.11 is vulnerable to a Cross-Site Request Forgery (CSRF) attack which would allow an attacker to restart the server, causing a DoS attack. The attacker must craft a webpage that would perform a GET request to the /api/v1/admin/restart endpoint, then the victim (who has sufficient privileges), would visit the page and the server restart would begin. The attacker must know the full URL that TruDesk is on in order to craft the webpage."
},
{
"lang": "es",
"value": "TruDesk Help Desk/Ticketing Solution v1.1.11 es vulnerable a un ataque de Cross-Site Request Forgery (CSRF) que permitir\u00eda a un atacante reiniciar el servidor, provocando un ataque DoS. El atacante debe crear una p\u00e1gina web que realice una solicitud GET al endpoint /api/v1/admin/restart, luego la v\u00edctima (que tiene privilegios suficientes) visitar\u00e1 la p\u00e1gina y comenzar\u00e1 el reinicio del servidor. El atacante debe conocer la URL completa en la que se encuentra TruDesk para poder crear la p\u00e1gina web."
}
],
"id": "CVE-2021-45785",
"lastModified": "2024-11-21T06:33:02.403",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-06-24T19:15:11.700",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://1d8.github.io/cves/cve_2021_45785/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://1d8.github.io/cves/cve_2021_45785/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-04-10 16:15
Modified
2024-11-21 06:40
Severity ?
Summary
Stored XSS in "Name", "Group Name" & "Title" in GitHub repository polonel/trudesk prior to v1.2.0. This allows attackers to execute malicious scripts in the user's browser and it can lead to session hijacking, sensitive data exposure, and worse.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@huntr.dev | https://github.com/polonel/trudesk/commit/4f48b3bb86ba66a0085803591065bb6437e864ec | Patch, Third Party Advisory | |
| security@huntr.dev | https://huntr.dev/bounties/da6d03e6-053f-43b6-99a7-78c2e386e3ed | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/polonel/trudesk/commit/4f48b3bb86ba66a0085803591065bb6437e864ec | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/da6d03e6-053f-43b6-99a7-78c2e386e3ed | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trudesk_project | trudesk | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trudesk_project:trudesk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "485D4AC2-2B88-49BA-B298-AB78A027FCE8",
"versionEndExcluding": "1.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stored XSS in \"Name\", \"Group Name\" \u0026 \"Title\" in GitHub repository polonel/trudesk prior to v1.2.0. This allows attackers to execute malicious scripts in the user\u0027s browser and it can lead to session hijacking, sensitive data exposure, and worse."
},
{
"lang": "es",
"value": "Una vulnerabilidad de tipo XSS almacenado en \"Name\", \"Group Name\" \u0026amp; \"Title\" en el repositorio de GitHub polonel/trudesk versiones anteriores a v1.2.0. Esto permite a atacantes ejecutar scripts maliciosos en el navegador del usuario y puede conllevar a un secuestro de la sesi\u00f3n, una exposici\u00f3n de datos confidenciales y cosas peores"
}
],
"id": "CVE-2022-1290",
"lastModified": "2024-11-21T06:40:25.430",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0,
"source": "security@huntr.dev",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-04-10T16:15:07.907",
"references": [
{
"source": "security@huntr.dev",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/polonel/trudesk/commit/4f48b3bb86ba66a0085803591065bb6437e864ec"
},
{
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/da6d03e6-053f-43b6-99a7-78c2e386e3ed"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/polonel/trudesk/commit/4f48b3bb86ba66a0085803591065bb6437e864ec"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/da6d03e6-053f-43b6-99a7-78c2e386e3ed"
}
],
"sourceIdentifier": "security@huntr.dev",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security@huntr.dev",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-05-20 07:15
Modified
2024-11-21 06:41
Severity ?
Summary
Integer Overflow or Wraparound in GitHub repository polonel/trudesk prior to 1.2.2.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@huntr.dev | https://github.com/polonel/trudesk/commit/e836d04d16787c2c9c72e7bf011cf396d1f73c19 | Patch, Third Party Advisory | |
| security@huntr.dev | https://huntr.dev/bounties/2f65af7c-a74b-46a6-8847-5db6785f1cf2 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/polonel/trudesk/commit/e836d04d16787c2c9c72e7bf011cf396d1f73c19 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/2f65af7c-a74b-46a6-8847-5db6785f1cf2 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trudesk_project | trudesk | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trudesk_project:trudesk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "129D9FED-E43F-47B1-8FB3-012D00E93181",
"versionEndExcluding": "1.2.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Integer Overflow or Wraparound in GitHub repository polonel/trudesk prior to 1.2.2."
},
{
"lang": "es",
"value": "Un Desbordamiento de Enteros o Wraparound en el repositorio de GitHub polonel/trudesk versiones anteriores a 1.2.2"
}
],
"id": "CVE-2022-1754",
"lastModified": "2024-11-21T06:41:23.743",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.7,
"impactScore": 6.0,
"source": "security@huntr.dev",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-05-20T07:15:09.447",
"references": [
{
"source": "security@huntr.dev",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/polonel/trudesk/commit/e836d04d16787c2c9c72e7bf011cf396d1f73c19"
},
{
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/2f65af7c-a74b-46a6-8847-5db6785f1cf2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/polonel/trudesk/commit/e836d04d16787c2c9c72e7bf011cf396d1f73c19"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/2f65af7c-a74b-46a6-8847-5db6785f1cf2"
}
],
"sourceIdentifier": "security@huntr.dev",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "security@huntr.dev",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}