Vulnerability Description
In Daybyday CRM, versions 2.0.0 through 2.2.0 are vulnerable to Missing Authorization. An attacker that has the lowest privileges account (employee type user), can view the absences of all users in the system including administrators. This type of user is not authorized to view this kind of information.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Daybydaycrm | Daybyday Crm | >= 2.0.0, <= 2.2.0 |
Related Weaknesses (CWE)
References
- https://github.com/Bottelet/DaybydayCRM/commit/fe842ea5ede237443f1f45a99aeb83913PatchThird Party Advisory
- https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22108Third Party Advisory
- https://github.com/Bottelet/DaybydayCRM/commit/fe842ea5ede237443f1f45a99aeb83913PatchThird Party Advisory
- https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22108Third Party Advisory
FAQ
What is CVE-2022-22108?
CVE-2022-22108 is a vulnerability with a CVSS score of 4.3 (MEDIUM). In Daybyday CRM, versions 2.0.0 through 2.2.0 are vulnerable to Missing Authorization. An attacker that has the lowest privileges account (employee type user), can view the absences of all users in th...
How severe is CVE-2022-22108?
CVE-2022-22108 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-22108?
Check the references section above for vendor advisories and patch information. Affected products include: Daybydaycrm Daybyday Crm.