← Voltar para CVEs

CVE-2022-3741

CRITICAL

9.8

Descricao

Impact varies for each individual vulnerability in the application. For generation of accounts, it may be possible, depending on the amount of system resources available, to create a DoS event in the server. These accounts still need to be activated; however, it is possible to identify the output Status Code to separate accounts that are generated and waiting for email verification. \n\nFor the sign in directories, it is possible to brute force login attempts to either login portal, which could lead to account compromise.

Detalhes CVE

Pontuacao CVSS v3.19.8

SeveridadeCRITICAL

Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vetor de ataqueNETWORK

ComplexidadeLOW

Privilegios necessariosNONE

Interacao do usuarioNONE

Publicado10/28/2022

Ultima modificacao11/21/2024

Fontenvd

Avistamentos honeypot0

Produtos afetados

chatwoot:chatwoot

Fraquezas (CWE)

CWE-307CWE-307

Referencias

https://github.com/chatwoot/chatwoot/commit/9525d4f0346a2fdac13a0253f9180d20104a72d3(security@huntr.dev)

https://huntr.dev/bounties/46f6e07e-f438-4540-938a-510047f987d0(security@huntr.dev)

https://github.com/chatwoot/chatwoot/commit/9525d4f0346a2fdac13a0253f9180d20104a72d3(af854a3a-2127-422b-91ae-364da2661108)

https://huntr.dev/bounties/46f6e07e-f438-4540-938a-510047f987d0(af854a3a-2127-422b-91ae-364da2661108)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.