Vulnerability Description
Impact varies for each individual vulnerability in the application. For account generation, it may be possible, depending on the amount of system resources available, to cause a DoS condition on the server. These accounts still need to be activated; however, the response status code can be used to distinguish accounts that have been created and are waiting for email verification.

For the sign-in endpoints, it is possible to brute-force login attempts against either login portal, which could lead to account compromise.
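The mitigation for both halves of the description is the same: bound the number of account-creation and login attempts a single client can make per time window, and stop the status code from revealing whether an address is pending verification. Chatwoot is a Ruby on Rails application, so the added example below is written in Ruby; it is illustrative code written for this page, not Chatwoot's code or its patch. It assumes nothing about Chatwoot's routes: `RateLimiter`, `AuthEndpoints`, the per-IP keys, the limits and the sample user table are all constructed for the example.

```ruby
# Added example (not Chatwoot's code): a self-contained sliding-window rate
# limiter consulted by a login and a signup endpoint before any work is done.

class RateLimiter
  # limit: maximum attempts per window; period: window length in seconds.
  def initialize(limit:, period:)
    @limit = limit
    @period = period
    @buckets = Hash.new { |h, k| h[k] = [] } # key => timestamps of recent attempts
  end

  # Records an attempt for +key+ (e.g. "login:203.0.113.5") at time +now+ and
  # returns true if it is within budget, false once the key has hit the limit.
  # Rejected attempts are not recorded, so a blocked client cannot extend
  # its own lockout by retrying.
  def allow?(key, now = Time.now.to_f)
    window_start = now - @period
    attempts = @buckets[key]
    attempts.reject! { |t| t <= window_start } # forget attempts outside the window
    return false if attempts.size >= @limit
    attempts << now
    true
  end

  # Attempts currently counted in the window for +key+ (useful for alerting).
  def count(key, now = Time.now.to_f)
    @buckets[key].count { |t| t > now - @period }
  end
end

# Minimal stand-in for the two endpoints the description talks about.
class AuthEndpoints
  def initialize(users:, login_limit: 5, signup_limit: 3, period: 60)
    @users = users      # constructed sample: email => password (plaintext only for the demo)
    @pending = {}       # accounts created but awaiting email verification
    @login_limiter = RateLimiter.new(limit: login_limit, period: period)
    @signup_limiter = RateLimiter.new(limit: signup_limit, period: period)
  end

  # Returns an HTTP-style status: 429 once the per-IP budget is spent, 401 for
  # any failed login whether or not the account exists, 200 on success.
  def login(ip, email, password, now = Time.now.to_f)
    return 429 unless @login_limiter.allow?("login:#{ip}", now)
    @users[email] == password ? 200 : 401
  end

  # Signup is throttled per IP and always answers 202: a new address is queued
  # for verification, an address that is already registered or pending is left
  # alone, and the caller cannot tell the two cases apart from the status code.
  def signup(ip, email, now = Time.now.to_f)
    return 429 unless @signup_limiter.allow?("signup:#{ip}", now)
    @pending[email] = now unless @users.key?(email) || @pending.key?(email)
    202
  end

  def pending_count
    @pending.size
  end
end

if $PROGRAM_NAME == __FILE__
  # Constructed walkthrough: three wrong passwords from one IP, then a block.
  ep = AuthEndpoints.new(users: { 'alice@example.test' => 'correct-horse' }, login_limit: 3)
  t = Time.now.to_f
  4.times { |i| puts "login attempt #{i + 1}: #{ep.login('203.0.113.5', 'alice@example.test', 'wrong', t + i)}" }
end
```

In a real deployment the timestamp store would live in a shared cache rather than in process memory, so that every application instance behind a load balancer counts the same client, and the login key would usually combine the client IP with the target account so that a distributed attack on one user is throttled as well as a single source. The uniform `202` on signup and `401` on login are what remove the enumeration signal the description mentions.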
CVSS Score
9.8 (CRITICAL)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Chatwoot | Chatwoot | < 2.10.0 |
Related Weaknesses (CWE)
References
- https://github.com/chatwoot/chatwoot/commit/9525d4f0346a2fdac13a0253f9180d20104a (Patch, Third Party Advisory)
- https://huntr.dev/bounties/46f6e07e-f438-4540-938a-510047f987d0 (Exploit, Issue Tracking, Patch)
FAQ
What is CVE-2022-3741?
CVE-2022-3741 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Impact varies for each individual vulnerability in the application: unrestricted account generation can exhaust server resources and cause a DoS condition, with the response status code revealing accounts that are waiting for email verification, and the sign-in endpoints can be brute-forced, which could lead to account compromise.
How severe is CVE-2022-3741?
CVE-2022-3741 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2022-3741?
Check the references section above for vendor advisories and patch information. Affected products include: Chatwoot (vendor: Chatwoot), versions before 2.10.0.