GHSA-44gv-fgcj-w546

Suggest an improvement
Source
https://github.com/advisories/GHSA-44gv-fgcj-w546
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/01/GHSA-44gv-fgcj-w546/GHSA-44gv-fgcj-w546.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-44gv-fgcj-w546
Aliases
Published
2022-01-08T00:31:55Z
Modified
2023-11-08T04:08:11.425759Z
Severity
  • 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
Missing Authorization in DayByDay CRM
Details

In Daybyday CRM, versions 2.0.0 through 2.2.0 are vulnerable to Missing Authorization. An attacker that has the lowest privileges account (employee type user), can view the appointments of all users in the system including administrators. However, this type of user is not authorized to view the calendar at all.

References

Affected packages

Packagist / bottelet/flarepoint

Package

Name
bottelet/flarepoint
Purl
pkg:composer/bottelet/flarepoint

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.0.0
Fixed
2.2.1

Affected versions

2.*

2.0.0
2.1.0
2.2.0