CVE-2022-22107

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-22107

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-22107.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-22107

Aliases

GHSA-44gv-fgcj-w546

Published

2022-01-05T15:15:07Z

Modified

2024-05-30T03:30:11.821638Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

[none]

Details

In Daybyday CRM, versions 2.0.0 through 2.2.0 are vulnerable to Missing Authorization. An attacker that has the lowest privileges account (employee type user), can view the appointments of all users in the system including administrators. However, this type of user is not authorized to view the calendar at all.

References

Affected packages

Git / github.com/bottelet/daybydaycrm

Affected ranges

Type: GIT
Repo: https://github.com/bottelet/daybydaycrm
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

a0392f4a4a14e1e3fedaf6817aefce69b6bd661b

Affected versions

1.*

1.1

1.1.1

1.1.2

1.1.3

1.1.4

1.1.5

1.1.6

1.2

1.3

1.3.1

1.3.2

1.3.3

1.3.4

1.3.5

1.3.6

1.3.7

2.*

2.0.0

2.1.0

2.2.0

CVE-2022-22107

Affected packages

Git / github.com/bottelet/daybydaycrm

Affected ranges

Affected versions

1.*

2.*

Other