CVE-2022-22108

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-22108

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-22108.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-22108

Aliases

GHSA-frxp-xxx8-hrg6

Published

2022-01-05T15:15:07Z

Modified

2024-05-30T03:30:11.979129Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

[none]

Details

In Daybyday CRM, versions 2.0.0 through 2.2.0 are vulnerable to Missing Authorization. An attacker that has the lowest privileges account (employee type user), can view the absences of all users in the system including administrators. This type of user is not authorized to view this kind of information.

References

Affected packages

Git / github.com/bottelet/daybydaycrm

Affected ranges

Type: GIT
Repo: https://github.com/bottelet/daybydaycrm
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

fe842ea5ede237443f1f45a99aeb839133115d8b

Affected versions

1.*

1.1

1.1.1

1.1.2

1.1.3

1.1.4

1.1.5

1.1.6

1.2

1.3

1.3.1

1.3.2

1.3.3

1.3.4

1.3.5

1.3.6

1.3.7

2.*

2.0.0

2.1.0

2.2.0

CVE-2022-22108

Affected packages

Git / github.com/bottelet/daybydaycrm

Affected ranges

Affected versions

1.*

2.*

Other