CVE-2022-22108

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2022-22108

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-22108.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-22108

Aliases

GHSA-frxp-xxx8-hrg6

Published

2022-01-05T15:15:07.787Z

Modified

2026-03-14T11:26:53.907629Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

[none]

Details

In Daybyday CRM, versions 2.0.0 through 2.2.0 are vulnerable to Missing Authorization. An attacker that has the lowest privileges account (employee type user), can view the absences of all users in the system including administrators. This type of user is not authorized to view this kind of information.

References

Affected packages

Git / github.com/bottelet/daybydaycrm

Affected ranges

Type

GIT

Repo

https://github.com/bottelet/daybydaycrm

Events

Introduced

1ce74d1b3c991f4bbf6490cac4c7e63db78f6035

Last affected

830b3c52475441ea9dd619ac7630722299293cad

Fixed

fe842ea5ede237443f1f45a99aeb839133115d8b

Database specific

{
    "versions": [
        {
            "introduced": "2.0.0"
        },
        {
            "last_affected": "2.2.0"
        }
    ]
}

Affected versions

2.*

2.0.0

2.1.0

2.2.0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-22108.json"