CVE-2022-23055

Published Jun 22, 2022
Last updated a year ago
CVSS info 5.5
Overview

Description: In ERPNext, versions v11.0.0-beta through v13.0.2 are vulnerable to Missing Authorization, in the chat rooms functionality. A low privileged attacker can send a direct message or a group message to any member or group, impersonating themselves as the administrator. The attacker can also read chat messages of groups that they do not belong to, and of other users.
Source: vulnerabilitylab@mend.io
NVD status: Modified
Risk scores

CVSS 2.0

Type: Primary
Base score: 5.5
Impact score: 4.9
Exploitability score: 8
Vector string: AV:N/AC:L/Au:S/C:P/I:P/A:N
Weaknesses

vulnerabilitylab@mend.io: CWE-862
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:frappe:erpnext:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BBF3D7E6-2B29-4142-A007-F699140D1C9A",
            "versionEndExcluding": "13.1.0",
            "versionStartIncluding": "11.0.4"
          },
          {
            "criteria": "cpe:2.3:a:frappe:erpnext:11.0.3:beta1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B76E3184-E14E-485B-A108-C1F24850F77E"
          },
          {
            "criteria": "cpe:2.3:a:frappe:erpnext:11.0.3:beta10:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C9DCB37E-061E-44D6-A686-6464B5BE54D2"
          },
          {
            "criteria": "cpe:2.3:a:frappe:erpnext:11.0.3:beta11:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "93C2D6DF-B4E5-434B-8632-DB1DF10CE5E9"
          },
          {
            "criteria": "cpe:2.3:a:frappe:erpnext:11.0.3:beta12:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0C6F3220-13B5-4504-87DB-09495E5E1386"
          },
          {
            "criteria": "cpe:2.3:a:frappe:erpnext:11.0.3:beta13:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D6AFF494-240F-4981-B4EC-24771A6E1E4C"
          },
          {
            "criteria": "cpe:2.3:a:frappe:erpnext:11.0.3:beta14:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "69D3FEA8-FC3F-434E-AFA6-D03D8EFAC524"
          },
          {
            "criteria": "cpe:2.3:a:frappe:erpnext:11.0.3:beta15:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D9D81630-3EE2-498E-9A76-0F0C1CDD1A15"
          },
          {
            "criteria": "cpe:2.3:a:frappe:erpnext:11.0.3:beta16:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C3367D0E-5701-4FCA-8307-0FA7D25D71E3"
          },
          {
            "criteria": "cpe:2.3:a:frappe:erpnext:11.0.3:beta17:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1DBD878F-935B-427F-B6DF-4DA4356E9843"
          },
          {
            "criteria": "cpe:2.3:a:frappe:erpnext:11.0.3:beta18:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DAE5DFE4-55B8-4F68-8C3A-2CDC13D8A735"
          },
          {
            "criteria": "cpe:2.3:a:frappe:erpnext:11.0.3:beta19:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6F22BFC9-CA3D-4B57-AD93-1B5094D69508"
          },
          {
            "criteria": "cpe:2.3:a:frappe:erpnext:11.0.3:beta2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FE5E71D9-CCD4-47F4-9AC8-4E4A112E9C0A"
          },
          {
            "criteria": "cpe:2.3:a:frappe:erpnext:11.0.3:beta20:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CA394555-C3A0-4142-B023-60A9014C87E8"
          },
          {
            "criteria": "cpe:2.3:a:frappe:erpnext:11.0.3:beta21:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6B5C737A-A824-4E7D-A8D6-A0E0A4AE710A"
          },
          {
            "criteria": "cpe:2.3:a:frappe:erpnext:11.0.3:beta22:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "33E4D6A6-2F64-4DB8-9946-5E54FE889E6C"
          },
          {
            "criteria": "cpe:2.3:a:frappe:erpnext:11.0.3:beta23:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8AAD166B-0B54-4D74-A61D-A17F34C403F6"
          },
          {
            "criteria": "cpe:2.3:a:frappe:erpnext:11.0.3:beta24:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2856944B-7178-414D-B485-5B8C4D88E95D"
          },
          {
            "criteria": "cpe:2.3:a:frappe:erpnext:11.0.3:beta25:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "27EE33DF-6485-463D-BB51-33D4295D3E55"
          },
          {
            "criteria": "cpe:2.3:a:frappe:erpnext:11.0.3:beta26:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FBEED6D7-3EA2-4BC0-B7F8-5F104F90EB82"
          },
          {
            "criteria": "cpe:2.3:a:frappe:erpnext:11.0.3:beta27:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C5E9A6A8-A210-467F-888C-1327C8E5F5D0"
          },
          {
            "criteria": "cpe:2.3:a:frappe:erpnext:11.0.3:beta28:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "97CA5919-E7B0-417B-BF91-6B407F83F167"
          },
          {
            "criteria": "cpe:2.3:a:frappe:erpnext:11.0.3:beta29:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E0C2C925-F3D3-4C5D-A281-2BE62F32BB52"
          },
          {
            "criteria": "cpe:2.3:a:frappe:erpnext:11.0.3:beta3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0411AA32-05B2-49C2-A0DC-8F74BDABCA3B"
          },
          {
            "criteria": "cpe:2.3:a:frappe:erpnext:11.0.3:beta30:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "31D7C223-4E62-41E1-A88F-54DF1DFA9C75"
          },
          {
            "criteria": "cpe:2.3:a:frappe:erpnext:11.0.3:beta31:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C1686CCA-6C44-425C-B851-D429A5C550CF"
          },
          {
            "criteria": "cpe:2.3:a:frappe:erpnext:11.0.3:beta32:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "873CA32C-42A6-4531-838A-E4B584AB389D"
          },
          {
            "criteria": "cpe:2.3:a:frappe:erpnext:11.0.3:beta33:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "17B6D20B-863A-48C0-8600-BE768498DBFF"
          },
          {
            "criteria": "cpe:2.3:a:frappe:erpnext:11.0.3:beta34:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6CA04572-0978-4378-A658-15896AFDEBFC"
          },
          {
            "criteria": "cpe:2.3:a:frappe:erpnext:11.0.3:beta35:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8697CA97-1F21-4158-9773-BB67A250BDD7"
          },
          {
            "criteria": "cpe:2.3:a:frappe:erpnext:11.0.3:beta36:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E7746744-C5D1-459E-9574-ADC2FD24CED8"
          },
          {
            "criteria": "cpe:2.3:a:frappe:erpnext:11.0.3:beta37:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1F61D01B-BB6D-4A4E-9774-BEC19997A733"
          },
          {
            "criteria": "cpe:2.3:a:frappe:erpnext:11.0.3:beta4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EE9DFDFA-9387-46C2-BC9C-58A90713F0E6"
          },
          {
            "criteria": "cpe:2.3:a:frappe:erpnext:11.0.3:beta5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "86661EEC-799A-404B-A847-D91A00403F3C"
          },
          {
            "criteria": "cpe:2.3:a:frappe:erpnext:11.0.3:beta6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2AFA67C7-6829-4160-A7C8-B3DD56E60CF3"
          },
          {
            "criteria": "cpe:2.3:a:frappe:erpnext:11.0.3:beta7:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "90E1D4DA-2D89-4CD5-B34F-33D96BD2C341"
          },
          {
            "criteria": "cpe:2.3:a:frappe:erpnext:11.0.3:beta8:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8B4BE801-0FF0-4B44-8DCF-E2805DCC39A6"
          },
          {
            "criteria": "cpe:2.3:a:frappe:erpnext:11.0.3:beta9:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B4AE27CF-FCAF-4491-AAC1-8EB5E5C5FD6A"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]
Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References
