60 vulnerabilities found for trudesk by trudesk_project
FKIE_CVE-2021-45785
Vulnerability from fkie_nvd - Published: 2024-06-24 19:15 - Updated: 2024-11-21 06:33
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Summary
TruDesk Help Desk/Ticketing Solution v1.1.11 is vulnerable to a Cross-Site Request Forgery (CSRF) attack which would allow an attacker to restart the server, causing a DoS. The attacker must craft a webpage that performs a GET request to the /api/v1/admin/restart endpoint; when a victim who has sufficient privileges visits the page, the server restart begins. The attacker must know the full URL that TruDesk is on in order to craft the webpage.
References
| Source | URL | Tags |
|---|---|---|
| cve@mitre.org | https://1d8.github.io/cves/cve_2021_45785/ | Exploit, Third Party Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | https://1d8.github.io/cves/cve_2021_45785/ | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| trudesk_project | trudesk | 1.1.11 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trudesk_project:trudesk:1.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "B4C2D13A-912B-437C-BFA5-573732BD4A44",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TruDesk Help Desk/Ticketing Solution v1.1.11 is vulnerable to a Cross-Site Request Forgery (CSRF) attack which would allow an attacker to restart the server, causing a DoS attack. The attacker must craft a webpage that would perform a GET request to the /api/v1/admin/restart endpoint, then the victim (who has sufficient privileges), would visit the page and the server restart would begin. The attacker must know the full URL that TruDesk is on in order to craft the webpage."
},
{
"lang": "es",
"value": "TruDesk Help Desk/Ticketing Solution v1.1.11 es vulnerable a un ataque de Cross-Site Request Forgery (CSRF) que permitir\u00eda a un atacante reiniciar el servidor, provocando un ataque DoS. El atacante debe crear una p\u00e1gina web que realice una solicitud GET al endpoint /api/v1/admin/restart, luego la v\u00edctima (que tiene privilegios suficientes) visitar\u00e1 la p\u00e1gina y comenzar\u00e1 el reinicio del servidor. El atacante debe conocer la URL completa en la que se encuentra TruDesk para poder crear la p\u00e1gina web."
}
],
"id": "CVE-2021-45785",
"lastModified": "2024-11-21T06:33:02.403",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-06-24T19:15:11.700",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://1d8.github.io/cves/cve_2021_45785/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://1d8.github.io/cves/cve_2021_45785/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2023-26982
Vulnerability from fkie_nvd - Published: 2023-03-29 15:15 - Updated: 2025-02-18 17:15
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
Trudesk v1.2.6 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Add Tags parameter under the Create Ticket function.
References
| Source | URL | Tags |
|---|---|---|
| cve@mitre.org | https://github.com/bypazs/CVE-2023-26982 | Exploit, Third Party Advisory |
| cve@mitre.org | https://github.com/polonel/trudesk/releases/tag/v1.2.6 | Release Notes |
| cve@mitre.org | https://trudesk.io/ | Product |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/bypazs/CVE-2023-26982 | Exploit, Third Party Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/polonel/trudesk/releases/tag/v1.2.6 | Release Notes |
| af854a3a-2127-422b-91ae-364da2661108 | https://trudesk.io/ | Product |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| trudesk_project | trudesk | 1.2.6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trudesk_project:trudesk:1.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "304A2CB7-5AD2-497B-A322-C6B153EF5441",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Trudesk v1.2.6 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Add Tags parameter under the Create Ticket function."
}
],
"id": "CVE-2023-26982",
"lastModified": "2025-02-18T17:15:16.650",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-03-29T15:15:07.667",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/bypazs/CVE-2023-26982"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://github.com/polonel/trudesk/releases/tag/v1.2.6"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://trudesk.io/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/bypazs/CVE-2023-26982"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://github.com/polonel/trudesk/releases/tag/v1.2.6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://trudesk.io/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2022-1719
Vulnerability from fkie_nvd - Published: 2022-09-29 03:15 - Updated: 2024-11-21 06:41
Severity ?
Summary
Reflected XSS in the ticket filter function in GitHub repository polonel/trudesk prior to 1.2.2. This vulnerability allows malicious JavaScript code to be executed in the web page.
References
| Source | URL | Tags |
|---|---|---|
| security@huntr.dev | https://github.com/polonel/trudesk/commit/36a542abbbb74828338ce402d65653ac58db42e0 | Patch, Third Party Advisory |
| security@huntr.dev | https://huntr.dev/bounties/790ba3fd-41e9-4393-8e2f-71161b56279b | Exploit, Third Party Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/polonel/trudesk/commit/36a542abbbb74828338ce402d65653ac58db42e0 | Patch, Third Party Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/790ba3fd-41e9-4393-8e2f-71161b56279b | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| trudesk_project | trudesk | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trudesk_project:trudesk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "129D9FED-E43F-47B1-8FB3-012D00E93181",
"versionEndExcluding": "1.2.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Reflected XSS on ticket filter function in GitHub repository polonel/trudesk prior to 1.2.2. This vulnerability is capable of executing a malicious javascript code in web page"
},
{
"lang": "es",
"value": "Un ataque de tipo XSS reflejado en la funci\u00f3n ticket filter en el repositorio de GitHub polonel/trudesk versiones anteriores a 1.2.2. Esta vulnerabilidad es capaz de ejecutar un c\u00f3digo javascript malicioso en la p\u00e1gina web"
}
],
"id": "CVE-2022-1719",
"lastModified": "2024-11-21T06:41:19.147",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"exploitabilityScore": 2.1,
"impactScore": 3.4,
"source": "security@huntr.dev",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-09-29T03:15:15.190",
"references": [
{
"source": "security@huntr.dev",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/polonel/trudesk/commit/36a542abbbb74828338ce402d65653ac58db42e0"
},
{
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/790ba3fd-41e9-4393-8e2f-71161b56279b"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/polonel/trudesk/commit/36a542abbbb74828338ce402d65653ac58db42e0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/790ba3fd-41e9-4393-8e2f-71161b56279b"
}
],
"sourceIdentifier": "security@huntr.dev",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security@huntr.dev",
"type": "Secondary"
}
]
}
FKIE_CVE-2022-1718
Vulnerability from fkie_nvd - Published: 2022-09-29 03:15 - Updated: 2024-11-21 06:41
Severity ?
Summary
The trudesk application allows a large number of characters to be inserted in the "Full Name" input field on the signup form, which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request in GitHub repository polonel/trudesk prior to 1.2.2. This can lead to Denial of Service.
References
| Source | URL | Tags |
|---|---|---|
| security@huntr.dev | https://github.com/polonel/trudesk/commit/87e231e04495fb705fe1e03cb56fc4136bafe895 | Patch, Third Party Advisory |
| security@huntr.dev | https://huntr.dev/bounties/1ff8afe4-6ff7-45aa-a652-d8aac7e5be7e | Exploit, Third Party Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/polonel/trudesk/commit/87e231e04495fb705fe1e03cb56fc4136bafe895 | Patch, Third Party Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/1ff8afe4-6ff7-45aa-a652-d8aac7e5be7e | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| trudesk_project | trudesk | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trudesk_project:trudesk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "129D9FED-E43F-47B1-8FB3-012D00E93181",
"versionEndExcluding": "1.2.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The trudesk application allows large characters to insert in the input field \"Full Name\" on the signup field which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request in GitHub repository polonel/trudesk prior to 1.2.2. This can lead to Denial of service."
},
{
"lang": "es",
"value": "La aplicaci\u00f3n trudesk permite insertar caracteres grandes en el campo de entrada \"Full Name\" en el campo de registro, lo que puede permitir a atacantes causar una Denegaci\u00f3n de Servicio (DoS) por medio de una petici\u00f3n HTTP dise\u00f1ada en el repositorio de GitHub polonel/trudesk versiones anteriores a 1.2.2. Esto puede conllevar a una denegaci\u00f3n de servicio"
}
],
"id": "CVE-2022-1718",
"lastModified": "2024-11-21T06:41:19.010",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 0.6,
"impactScore": 6.0,
"source": "security@huntr.dev",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-09-29T03:15:15.083",
"references": [
{
"source": "security@huntr.dev",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/polonel/trudesk/commit/87e231e04495fb705fe1e03cb56fc4136bafe895"
},
{
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/1ff8afe4-6ff7-45aa-a652-d8aac7e5be7e"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/polonel/trudesk/commit/87e231e04495fb705fe1e03cb56fc4136bafe895"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/1ff8afe4-6ff7-45aa-a652-d8aac7e5be7e"
}
],
"sourceIdentifier": "security@huntr.dev",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "security@huntr.dev",
"type": "Secondary"
}
]
}
FKIE_CVE-2022-2128
Vulnerability from fkie_nvd - Published: 2022-06-20 17:15 - Updated: 2024-11-21 07:00
Severity ?
Summary
Unrestricted Upload of File with Dangerous Type in GitHub repository polonel/trudesk prior to 1.2.4.
References
| Source | URL | Tags |
|---|---|---|
| security@huntr.dev | https://github.com/polonel/trudesk/commit/fb2ef82b0a39d0a560a261e07c3c73ba25332ecb | Patch, Third Party Advisory |
| security@huntr.dev | https://huntr.dev/bounties/ec40ec76-c7db-4384-a33b-024f3dd21d75 | Exploit, Patch, Third Party Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/polonel/trudesk/commit/fb2ef82b0a39d0a560a261e07c3c73ba25332ecb | Patch, Third Party Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/ec40ec76-c7db-4384-a33b-024f3dd21d75 | Exploit, Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| trudesk_project | trudesk | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trudesk_project:trudesk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5B059E3C-427E-4142-88A1-E5BC70BE26FE",
"versionEndExcluding": "1.2.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unrestricted Upload of File with Dangerous Type in GitHub repository polonel/trudesk prior to 1.2.4."
},
{
"lang": "es",
"value": "Una Carga no Restringida de Archivos de Tipo Peligroso en el repositorio de GitHub polonel/trudesk versiones anteriores a 1.2.4"
}
],
"id": "CVE-2022-2128",
"lastModified": "2024-11-21T07:00:22.463",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 6.0,
"source": "security@huntr.dev",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-20T17:15:08.713",
"references": [
{
"source": "security@huntr.dev",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/polonel/trudesk/commit/fb2ef82b0a39d0a560a261e07c3c73ba25332ecb"
},
{
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/ec40ec76-c7db-4384-a33b-024f3dd21d75"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/polonel/trudesk/commit/fb2ef82b0a39d0a560a261e07c3c73ba25332ecb"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/ec40ec76-c7db-4384-a33b-024f3dd21d75"
}
],
"sourceIdentifier": "security@huntr.dev",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "security@huntr.dev",
"type": "Secondary"
}
]
}
FKIE_CVE-2022-2023
Vulnerability from fkie_nvd - Published: 2022-06-20 04:15 - Updated: 2024-11-21 07:00
Severity ?
Summary
Incorrect Use of Privileged APIs in GitHub repository polonel/trudesk prior to 1.2.4.
References
| Source | URL | Tags |
|---|---|---|
| security@huntr.dev | https://github.com/polonel/trudesk/commit/83fd5a89319ba2c2f5934722e39b08aba9b3a4ac | Patch, Third Party Advisory |
| security@huntr.dev | https://huntr.dev/bounties/0f35b1d3-56e6-49e4-bc5a-830f52e094b3 | Exploit, Patch, Third Party Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/polonel/trudesk/commit/83fd5a89319ba2c2f5934722e39b08aba9b3a4ac | Patch, Third Party Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/0f35b1d3-56e6-49e4-bc5a-830f52e094b3 | Exploit, Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| trudesk_project | trudesk | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trudesk_project:trudesk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5B059E3C-427E-4142-88A1-E5BC70BE26FE",
"versionEndExcluding": "1.2.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Incorrect Use of Privileged APIs in GitHub repository polonel/trudesk prior to 1.2.4."
},
{
"lang": "es",
"value": "Un Uso Incorrecto de APIs Privilegiados en el repositorio de GitHub polonel/trudesk versiones anteriores a 1.2.4"
}
],
"id": "CVE-2022-2023",
"lastModified": "2024-11-21T07:00:11.423",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.0,
"source": "security@huntr.dev",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-20T04:15:09.973",
"references": [
{
"source": "security@huntr.dev",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/polonel/trudesk/commit/83fd5a89319ba2c2f5934722e39b08aba9b3a4ac"
},
{
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/0f35b1d3-56e6-49e4-bc5a-830f52e094b3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/polonel/trudesk/commit/83fd5a89319ba2c2f5934722e39b08aba9b3a4ac"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/0f35b1d3-56e6-49e4-bc5a-830f52e094b3"
}
],
"sourceIdentifier": "security@huntr.dev",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-648"
}
],
"source": "security@huntr.dev",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-1947
Vulnerability from fkie_nvd - Published: 2022-05-31 23:15 - Updated: 2024-11-21 06:41
Severity ?
Summary
Use of Incorrect Operator in GitHub repository polonel/trudesk prior to 1.2.3.
References
| Source | URL | Tags |
|---|---|---|
| security@huntr.dev | https://github.com/polonel/trudesk/commit/a9e38f25c2af2722dee4fdafb2fb70d30d5106c5 | Patch, Third Party Advisory |
| security@huntr.dev | https://huntr.dev/bounties/cb4d0ab3-51ba-4a42-9e38-ac0e544266f1 | Exploit, Patch, Third Party Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/polonel/trudesk/commit/a9e38f25c2af2722dee4fdafb2fb70d30d5106c5 | Patch, Third Party Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/cb4d0ab3-51ba-4a42-9e38-ac0e544266f1 | Exploit, Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| trudesk_project | trudesk | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trudesk_project:trudesk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D498F5B4-C37B-4226-A1FF-580B69B2AB0E",
"versionEndExcluding": "1.2.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Use of Incorrect Operator in GitHub repository polonel/trudesk prior to 1.2.3."
},
{
"lang": "es",
"value": "Un uso de un Operador Incorrecto en el repositorio de GitHub polonel/trudesk versiones anteriores a 1.2.3"
}
],
"id": "CVE-2022-1947",
"lastModified": "2024-11-21T06:41:48.800",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0,
"source": "security@huntr.dev",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-05-31T23:15:07.833",
"references": [
{
"source": "security@huntr.dev",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/polonel/trudesk/commit/a9e38f25c2af2722dee4fdafb2fb70d30d5106c5"
},
{
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/cb4d0ab3-51ba-4a42-9e38-ac0e544266f1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/polonel/trudesk/commit/a9e38f25c2af2722dee4fdafb2fb70d30d5106c5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/cb4d0ab3-51ba-4a42-9e38-ac0e544266f1"
}
],
"sourceIdentifier": "security@huntr.dev",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-480"
}
],
"source": "security@huntr.dev",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-1808
Vulnerability from fkie_nvd - Published: 2022-05-31 22:15 - Updated: 2024-11-21 06:41
Severity ?
Summary
Execution with Unnecessary Privileges in GitHub repository polonel/trudesk prior to 1.2.3.
References
| Source | URL | Tags |
|---|---|---|
| security@huntr.dev | https://github.com/polonel/trudesk/commit/f739eac6fc52adc0cba83a49034100e5b99ac7c8 | Patch, Third Party Advisory |
| security@huntr.dev | https://huntr.dev/bounties/9-polonel/trudesk | Exploit, Patch, Third Party Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/polonel/trudesk/commit/f739eac6fc52adc0cba83a49034100e5b99ac7c8 | Patch, Third Party Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/9-polonel/trudesk | Exploit, Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| trudesk_project | trudesk | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trudesk_project:trudesk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D498F5B4-C37B-4226-A1FF-580B69B2AB0E",
"versionEndExcluding": "1.2.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Execution with Unnecessary Privileges in GitHub repository polonel/trudesk prior to 1.2.3."
},
{
"lang": "es",
"value": "Una Ejecuci\u00f3n con Privilegios no Necesarios en el repositorio de GitHub polonel/trudesk versiones anteriores a 1.2.3"
}
],
"id": "CVE-2022-1808",
"lastModified": "2024-11-21T06:41:30.787",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "security@huntr.dev",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-05-31T22:15:08.640",
"references": [
{
"source": "security@huntr.dev",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/polonel/trudesk/commit/f739eac6fc52adc0cba83a49034100e5b99ac7c8"
},
{
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/9-polonel/trudesk"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/polonel/trudesk/commit/f739eac6fc52adc0cba83a49034100e5b99ac7c8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/9-polonel/trudesk"
}
],
"sourceIdentifier": "security@huntr.dev",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-250"
}
],
"source": "security@huntr.dev",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-1893
Vulnerability from fkie_nvd - Published: 2022-05-31 22:15 - Updated: 2024-11-21 06:41
Severity ?
4.6 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository polonel/trudesk prior to 1.2.3.
References
| Source | URL | Tags |
|---|---|---|
| security@huntr.dev | https://github.com/polonel/trudesk/commit/ae904d37eaa38bffebfbfe8e949c0385c63e3263 | Patch, Third Party Advisory |
| security@huntr.dev | https://huntr.dev/bounties/a1cfe61b-5248-4a73-9a80-0b764edc9b26 | Exploit, Patch, Third Party Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/polonel/trudesk/commit/ae904d37eaa38bffebfbfe8e949c0385c63e3263 | Patch, Third Party Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/a1cfe61b-5248-4a73-9a80-0b764edc9b26 | Exploit, Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trudesk_project | trudesk | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trudesk_project:trudesk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D498F5B4-C37B-4226-A1FF-580B69B2AB0E",
"versionEndExcluding": "1.2.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository polonel/trudesk prior to 1.2.3."
},
{
"lang": "es",
"value": "Una Exposici\u00f3n de Informaci\u00f3n Sensible a un Actor no Autorizado en el repositorio de GitHub polonel/trudesk versiones anteriores a 1.2.3"
}
],
"id": "CVE-2022-1893",
"lastModified": "2024-11-21T06:41:41.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 2.5,
"source": "security@huntr.dev",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-05-31T22:15:08.710",
"references": [
{
"source": "security@huntr.dev",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/polonel/trudesk/commit/ae904d37eaa38bffebfbfe8e949c0385c63e3263"
},
{
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/a1cfe61b-5248-4a73-9a80-0b764edc9b26"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/polonel/trudesk/commit/ae904d37eaa38bffebfbfe8e949c0385c63e3263"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/a1cfe61b-5248-4a73-9a80-0b764edc9b26"
}
],
"sourceIdentifier": "security@huntr.dev",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-212"
}
],
"source": "security@huntr.dev",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-212"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
FKIE_CVE-2022-1926
Vulnerability from fkie_nvd - Published: 2022-05-31 09:15 - Updated: 2024-11-21 06:41
Severity ?
Summary
Integer Overflow or Wraparound in GitHub repository polonel/trudesk prior to 1.2.3.
References
| Source | URL | Tags |
|---|---|---|
| security@huntr.dev | https://github.com/polonel/trudesk/commit/b7c15180b6d4e556ad05d0881eb72d8b2f1637a0 | Patch, Third Party Advisory |
| security@huntr.dev | https://huntr.dev/bounties/3fda8902-68ee-4734-86a3-9551ab17c893 | Exploit, Patch, Third Party Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/polonel/trudesk/commit/b7c15180b6d4e556ad05d0881eb72d8b2f1637a0 | Patch, Third Party Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/3fda8902-68ee-4734-86a3-9551ab17c893 | Exploit, Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trudesk_project | trudesk | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trudesk_project:trudesk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D498F5B4-C37B-4226-A1FF-580B69B2AB0E",
"versionEndExcluding": "1.2.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Integer Overflow or Wraparound in GitHub repository polonel/trudesk prior to 1.2.3."
},
{
"lang": "es",
"value": "Un Desbordamiento de enteros o Wraparound en el repositorio de GitHub polonel/trudesk versiones anteriores a 1.2.3"
}
],
"id": "CVE-2022-1926",
"lastModified": "2024-11-21T06:41:45.990",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.0,
"impactScore": 6.0,
"source": "security@huntr.dev",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-05-31T09:15:07.983",
"references": [
{
"source": "security@huntr.dev",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/polonel/trudesk/commit/b7c15180b6d4e556ad05d0881eb72d8b2f1637a0"
},
{
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/3fda8902-68ee-4734-86a3-9551ab17c893"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/polonel/trudesk/commit/b7c15180b6d4e556ad05d0881eb72d8b2f1637a0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/3fda8902-68ee-4734-86a3-9551ab17c893"
}
],
"sourceIdentifier": "security@huntr.dev",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "security@huntr.dev",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-1931
Vulnerability from fkie_nvd - Published: 2022-05-31 02:15 - Updated: 2024-11-21 06:41
Severity ?
Summary
Incorrect Synchronization in GitHub repository polonel/trudesk prior to 1.2.3.
References
| Source | URL | Tags |
|---|---|---|
| security@huntr.dev | https://github.com/polonel/trudesk/commit/314540864dbf2c0eaa99aa42c3d317de9501eb67 | Patch, Third Party Advisory |
| security@huntr.dev | https://huntr.dev/bounties/50c4cb63-65db-41c5-a16d-0560d7131fde | Exploit, Patch, Third Party Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/polonel/trudesk/commit/314540864dbf2c0eaa99aa42c3d317de9501eb67 | Patch, Third Party Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/50c4cb63-65db-41c5-a16d-0560d7131fde | Exploit, Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trudesk_project | trudesk | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trudesk_project:trudesk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D498F5B4-C37B-4226-A1FF-580B69B2AB0E",
"versionEndExcluding": "1.2.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Incorrect Synchronization in GitHub repository polonel/trudesk prior to 1.2.3."
},
{
"lang": "es",
"value": "Una Sincronizaci\u00f3n Incorrecta en el repositorio de GitHub polonel/trudesk versiones anteriores a 1.2.3"
}
],
"id": "CVE-2022-1931",
"lastModified": "2024-11-21T06:41:46.687",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0,
"source": "security@huntr.dev",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-05-31T02:15:07.303",
"references": [
{
"source": "security@huntr.dev",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/polonel/trudesk/commit/314540864dbf2c0eaa99aa42c3d317de9501eb67"
},
{
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/50c4cb63-65db-41c5-a16d-0560d7131fde"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/polonel/trudesk/commit/314540864dbf2c0eaa99aa42c3d317de9501eb67"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/50c4cb63-65db-41c5-a16d-0560d7131fde"
}
],
"sourceIdentifier": "security@huntr.dev",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-821"
}
],
"source": "security@huntr.dev",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-662"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-1752
Vulnerability from fkie_nvd - Published: 2022-05-21 03:15 - Updated: 2024-11-21 06:41
Severity ?
Summary
Unrestricted Upload of File with Dangerous Type in GitHub repository polonel/trudesk prior to 1.2.2.
References
| Source | URL | Tags |
|---|---|---|
| security@huntr.dev | https://github.com/polonel/trudesk/commit/d107f12e71c0fe1e7ac0fdc7463f59c4965a42cd | Patch, Third Party Advisory |
| security@huntr.dev | https://huntr.dev/bounties/66e9bfa9-598f-49ab-a472-752911df3f2d | Exploit, Patch, Third Party Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/polonel/trudesk/commit/d107f12e71c0fe1e7ac0fdc7463f59c4965a42cd | Patch, Third Party Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/66e9bfa9-598f-49ab-a472-752911df3f2d | Exploit, Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trudesk_project | trudesk | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trudesk_project:trudesk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "129D9FED-E43F-47B1-8FB3-012D00E93181",
"versionEndExcluding": "1.2.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unrestricted Upload of File with Dangerous Type in GitHub repository polonel/trudesk prior to 1.2.2."
},
{
"lang": "es",
"value": "Una Subida sin Restricciones de Archivos de Tipo Peligroso en el repositorio GitHub polonel/trudesk versiones anteriores a 1.2.2"
}
],
"id": "CVE-2022-1752",
"lastModified": "2024-11-21T06:41:23.457",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0,
"source": "security@huntr.dev",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-05-21T03:15:51.087",
"references": [
{
"source": "security@huntr.dev",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/polonel/trudesk/commit/d107f12e71c0fe1e7ac0fdc7463f59c4965a42cd"
},
{
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/66e9bfa9-598f-49ab-a472-752911df3f2d"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/polonel/trudesk/commit/d107f12e71c0fe1e7ac0fdc7463f59c4965a42cd"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/66e9bfa9-598f-49ab-a472-752911df3f2d"
}
],
"sourceIdentifier": "security@huntr.dev",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "security@huntr.dev",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2021-45785 (GCVE-0-2021-45785)
Vulnerability from cvelistv5 – Published: 2024-06-24 00:00 – Updated: 2024-08-04 04:54
Summary
TruDesk Help Desk/Ticketing Solution v1.1.11 is vulnerable to a Cross-Site Request Forgery (CSRF) attack which would allow an attacker to restart the server, causing a DoS attack. The attacker must craft a webpage that would perform a GET request to the /api/v1/admin/restart endpoint, then the victim (who has sufficient privileges), would visit the page and the server restart would begin. The attacker must know the full URL that TruDesk is on in order to craft the webpage.
Severity ?
4.3 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:trudesk_project:trudesk:1.1.11:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "trudesk",
"vendor": "trudesk_project",
"versions": [
{
"status": "affected",
"version": "1.1.11"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-45785",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-25T14:56:30.554884Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-25T14:58:10.296Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:54:29.505Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://1d8.github.io/cves/cve_2021_45785/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TruDesk Help Desk/Ticketing Solution v1.1.11 is vulnerable to a Cross-Site Request Forgery (CSRF) attack which would allow an attacker to restart the server, causing a DoS attack. The attacker must craft a webpage that would perform a GET request to the /api/v1/admin/restart endpoint, then the victim (who has sufficient privileges), would visit the page and the server restart would begin. The attacker must know the full URL that TruDesk is on in order to craft the webpage."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-24T18:58:17.226777",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://1d8.github.io/cves/cve_2021_45785/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-45785",
"datePublished": "2024-06-24T00:00:00",
"dateReserved": "2021-12-27T00:00:00",
"dateUpdated": "2024-08-04T04:54:29.505Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-26982 (GCVE-0-2023-26982)
Vulnerability from cvelistv5 – Published: 2023-03-29 00:00 – Updated: 2025-02-18 16:33
Summary
Trudesk v1.2.6 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Add Tags parameter under the Create Ticket function.
Severity ?
5.4 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:01:32.037Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/polonel/trudesk/releases/tag/v1.2.6"
},
{
"tags": [
"x_transferred"
],
"url": "https://trudesk.io/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/bypazs/CVE-2023-26982"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-26982",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-18T16:32:47.380156Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-18T16:33:56.157Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Trudesk v1.2.6 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Add Tags parameter under the Create Ticket function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-29T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/polonel/trudesk/releases/tag/v1.2.6"
},
{
"url": "https://trudesk.io/"
},
{
"url": "https://github.com/bypazs/CVE-2023-26982"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-26982",
"datePublished": "2023-03-29T00:00:00.000Z",
"dateReserved": "2023-02-27T00:00:00.000Z",
"dateUpdated": "2025-02-18T16:33:56.157Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2128 (GCVE-0-2022-2128)
Vulnerability from cvelistv5 – Published: 2022-06-20 16:45 – Updated: 2024-08-03 00:24
Title
Unrestricted Upload of File with Dangerous Type in polonel/trudesk
Summary
Unrestricted Upload of File with Dangerous Type in GitHub repository polonel/trudesk prior to 1.2.4.
Severity ?
9.6 (Critical)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
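| URL | Tags |
|---|---|
| https://huntr.dev/bounties/ec40ec76-c7db-4384-a33b-024f3dd21d75 | x_refsource_CONFIRM |
| https://github.com/polonel/trudesk/commit/fb2ef82b0a39d0a560a261e07c3c73ba25332ecb | x_refsource_MISC |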
Impacted products
| Vendor | Product | Version |
|---|---|---|
| polonel | polonel/trudesk | Affected: unspecified, < 1.2.4 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:24:44.261Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/ec40ec76-c7db-4384-a33b-024f3dd21d75"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/polonel/trudesk/commit/fb2ef82b0a39d0a560a261e07c3c73ba25332ecb"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "polonel/trudesk",
"vendor": "polonel",
"versions": [
{
"lessThan": "1.2.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unrestricted Upload of File with Dangerous Type in GitHub repository polonel/trudesk prior to 1.2.4."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-20T16:45:16",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/ec40ec76-c7db-4384-a33b-024f3dd21d75"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/polonel/trudesk/commit/fb2ef82b0a39d0a560a261e07c3c73ba25332ecb"
}
],
"source": {
"advisory": "ec40ec76-c7db-4384-a33b-024f3dd21d75",
"discovery": "EXTERNAL"
},
"title": "Unrestricted Upload of File with Dangerous Type in polonel/trudesk",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-2128",
"STATE": "PUBLIC",
"TITLE": "Unrestricted Upload of File with Dangerous Type in polonel/trudesk"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "polonel/trudesk",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1.2.4"
}
]
}
}
]
},
"vendor_name": "polonel"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unrestricted Upload of File with Dangerous Type in GitHub repository polonel/trudesk prior to 1.2.4."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-434 Unrestricted Upload of File with Dangerous Type"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/ec40ec76-c7db-4384-a33b-024f3dd21d75",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/ec40ec76-c7db-4384-a33b-024f3dd21d75"
},
{
"name": "https://github.com/polonel/trudesk/commit/fb2ef82b0a39d0a560a261e07c3c73ba25332ecb",
"refsource": "MISC",
"url": "https://github.com/polonel/trudesk/commit/fb2ef82b0a39d0a560a261e07c3c73ba25332ecb"
}
]
},
"source": {
"advisory": "ec40ec76-c7db-4384-a33b-024f3dd21d75",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-2128",
"datePublished": "2022-06-20T16:45:16",
"dateReserved": "2022-06-18T00:00:00",
"dateUpdated": "2024-08-03T00:24:44.261Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2023 (GCVE-0-2022-2023)
Vulnerability from cvelistv5 – Published: 2022-06-20 04:00 – Updated: 2024-08-03 00:24
Title
Incorrect Use of Privileged APIs in polonel/trudesk
Summary
Incorrect Use of Privileged APIs in GitHub repository polonel/trudesk prior to 1.2.4.
Severity ?
10 (Critical)
CWE
- CWE-648 - Incorrect Use of Privileged APIs
Assigner
References
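| URL | Tags |
|---|---|
| https://huntr.dev/bounties/0f35b1d3-56e6-49e4-bc5a-830f52e094b3 | x_refsource_CONFIRM |
| https://github.com/polonel/trudesk/commit/83fd5a89319ba2c2f5934722e39b08aba9b3a4ac | x_refsource_MISC |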
Impacted products
| Vendor | Product | Version |
|---|---|---|
| polonel | polonel/trudesk | Affected: unspecified, < 1.2.4 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:24:44.032Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/0f35b1d3-56e6-49e4-bc5a-830f52e094b3"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/polonel/trudesk/commit/83fd5a89319ba2c2f5934722e39b08aba9b3a4ac"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "polonel/trudesk",
"vendor": "polonel",
"versions": [
{
"lessThan": "1.2.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Incorrect Use of Privileged APIs in GitHub repository polonel/trudesk prior to 1.2.4."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-648",
"description": "CWE-648 Incorrect Use of Privileged APIs",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-20T04:00:19",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/0f35b1d3-56e6-49e4-bc5a-830f52e094b3"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/polonel/trudesk/commit/83fd5a89319ba2c2f5934722e39b08aba9b3a4ac"
}
],
"source": {
"advisory": "0f35b1d3-56e6-49e4-bc5a-830f52e094b3",
"discovery": "EXTERNAL"
},
"title": "Incorrect Use of Privileged APIs in polonel/trudesk",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-2023",
"STATE": "PUBLIC",
"TITLE": "Incorrect Use of Privileged APIs in polonel/trudesk"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "polonel/trudesk",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1.2.4"
}
]
}
}
]
},
"vendor_name": "polonel"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Incorrect Use of Privileged APIs in GitHub repository polonel/trudesk prior to 1.2.4."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-648 Incorrect Use of Privileged APIs"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/0f35b1d3-56e6-49e4-bc5a-830f52e094b3",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/0f35b1d3-56e6-49e4-bc5a-830f52e094b3"
},
{
"name": "https://github.com/polonel/trudesk/commit/83fd5a89319ba2c2f5934722e39b08aba9b3a4ac",
"refsource": "MISC",
"url": "https://github.com/polonel/trudesk/commit/83fd5a89319ba2c2f5934722e39b08aba9b3a4ac"
}
]
},
"source": {
"advisory": "0f35b1d3-56e6-49e4-bc5a-830f52e094b3",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-2023",
"datePublished": "2022-06-20T04:00:19",
"dateReserved": "2022-06-08T00:00:00",
"dateUpdated": "2024-08-03T00:24:44.032Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1947 (GCVE-0-2022-1947)
Vulnerability from cvelistv5 – Published: 2022-05-31 22:20 – Updated: 2024-08-03 00:24
Title
Use of Incorrect Operator in polonel/trudesk
Summary
Use of Incorrect Operator in GitHub repository polonel/trudesk prior to 1.2.3.
Severity ?
9.1 (Critical)
CWE
- CWE-480 - Use of Incorrect Operator
Assigner
References
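| URL | Tags |
|---|---|
| https://huntr.dev/bounties/cb4d0ab3-51ba-4a42-9e38-ac0e544266f1 | x_refsource_CONFIRM |
| https://github.com/polonel/trudesk/commit/a9e38f25c2af2722dee4fdafb2fb70d30d5106c5 | x_refsource_MISC |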
Impacted products
| Vendor | Product | Version |
|---|---|---|
| polonel | polonel/trudesk | Affected: unspecified , < 1.2.3 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:24:42.637Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/cb4d0ab3-51ba-4a42-9e38-ac0e544266f1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/polonel/trudesk/commit/a9e38f25c2af2722dee4fdafb2fb70d30d5106c5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "polonel/trudesk",
"vendor": "polonel",
"versions": [
{
"lessThan": "1.2.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use of Incorrect Operator in GitHub repository polonel/trudesk prior to 1.2.3."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-480",
"description": "CWE-480 Use of Incorrect Operator",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-31T22:20:11",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/cb4d0ab3-51ba-4a42-9e38-ac0e544266f1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/polonel/trudesk/commit/a9e38f25c2af2722dee4fdafb2fb70d30d5106c5"
}
],
"source": {
"advisory": "cb4d0ab3-51ba-4a42-9e38-ac0e544266f1",
"discovery": "EXTERNAL"
},
"title": "Use of Incorrect Operator in polonel/trudesk",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1947",
"STATE": "PUBLIC",
"TITLE": "Use of Incorrect Operator in polonel/trudesk"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "polonel/trudesk",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1.2.3"
}
]
}
}
]
},
"vendor_name": "polonel"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use of Incorrect Operator in GitHub repository polonel/trudesk prior to 1.2.3."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-480 Use of Incorrect Operator"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/cb4d0ab3-51ba-4a42-9e38-ac0e544266f1",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/cb4d0ab3-51ba-4a42-9e38-ac0e544266f1"
},
{
"name": "https://github.com/polonel/trudesk/commit/a9e38f25c2af2722dee4fdafb2fb70d30d5106c5",
"refsource": "MISC",
"url": "https://github.com/polonel/trudesk/commit/a9e38f25c2af2722dee4fdafb2fb70d30d5106c5"
}
]
},
"source": {
"advisory": "cb4d0ab3-51ba-4a42-9e38-ac0e544266f1",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1947",
"datePublished": "2022-05-31T22:20:11",
"dateReserved": "2022-05-30T00:00:00",
"dateUpdated": "2024-08-03T00:24:42.637Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1808 (GCVE-0-2022-1808)
Vulnerability from cvelistv5 – Published: 2022-05-31 22:00 – Updated: 2024-08-03 00:16
Title
Execution with Unnecessary Privileges in polonel/trudesk
Summary
Execution with Unnecessary Privileges in GitHub repository polonel/trudesk prior to 1.2.3.
Severity ?
8.8 (High)
CWE
- CWE-250 - Execution with Unnecessary Privileges
Assigner
References
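| URL | Tags |
|---|---|
| https://huntr.dev/bounties/9-polonel/trudesk | x_refsource_CONFIRM |
| https://github.com/polonel/trudesk/commit/f739eac6fc52adc0cba83a49034100e5b99ac7c8 | x_refsource_MISC |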
Impacted products
| Vendor | Product | Version |
|---|---|---|
| polonel | polonel/trudesk | Affected: unspecified , < 1.2.3 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:16:59.940Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/9-polonel/trudesk"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/polonel/trudesk/commit/f739eac6fc52adc0cba83a49034100e5b99ac7c8"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "polonel/trudesk",
"vendor": "polonel",
"versions": [
{
"lessThan": "1.2.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Execution with Unnecessary Privileges in GitHub repository polonel/trudesk prior to 1.2.3."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-250",
"description": "CWE-250 Execution with Unnecessary Privileges",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-31T22:00:13",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/9-polonel/trudesk"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/polonel/trudesk/commit/f739eac6fc52adc0cba83a49034100e5b99ac7c8"
}
],
"source": {
"advisory": "9-polonel/trudesk",
"discovery": "EXTERNAL"
},
"title": "Execution with Unnecessary Privileges in polonel/trudesk",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1808",
"STATE": "PUBLIC",
"TITLE": "Execution with Unnecessary Privileges in polonel/trudesk"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "polonel/trudesk",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1.2.3"
}
]
}
}
]
},
"vendor_name": "polonel"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Execution with Unnecessary Privileges in GitHub repository polonel/trudesk prior to 1.2.3."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-250 Execution with Unnecessary Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/9-polonel/trudesk",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/9-polonel/trudesk"
},
{
"name": "https://github.com/polonel/trudesk/commit/f739eac6fc52adc0cba83a49034100e5b99ac7c8",
"refsource": "MISC",
"url": "https://github.com/polonel/trudesk/commit/f739eac6fc52adc0cba83a49034100e5b99ac7c8"
}
]
},
"source": {
"advisory": "9-polonel/trudesk",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1808",
"datePublished": "2022-05-31T22:00:13",
"dateReserved": "2022-05-20T00:00:00",
"dateUpdated": "2024-08-03T00:16:59.940Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1893 (GCVE-0-2022-1893)
Vulnerability from cvelistv5 – Published: 2022-05-31 21:50 – Updated: 2024-08-03 00:17
Title
Improper Removal of Sensitive Information Before Storage or Transfer in polonel/trudesk
Summary
Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository polonel/trudesk prior to 1.2.3.
Severity ?
4.6 (Medium)
CWE
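- CWE-212 - Improper Removal of Sensitive Information Before Storage or Transfer (from the CNA container; the embedded x_legacyV4Record in the JSON below still carries the earlier title and CWE-200 Exposure of Sensitive Information to an Unauthorized Actor, so a consumer that reads the legacy block sees a different classification)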
Assigner
References
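| URL | Tags |
|---|---|
| https://huntr.dev/bounties/a1cfe61b-5248-4a73-9a80-0b764edc9b26 | x_refsource_CONFIRM |
| https://github.com/polonel/trudesk/commit/ae904d37eaa38bffebfbfe8e949c0385c63e3263 | x_refsource_MISC |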
Impacted products
| Vendor | Product | Version |
|---|---|---|
| polonel | polonel/trudesk | Affected: unspecified , < 1.2.3 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:17:00.932Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/a1cfe61b-5248-4a73-9a80-0b764edc9b26"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/polonel/trudesk/commit/ae904d37eaa38bffebfbfe8e949c0385c63e3263"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "polonel/trudesk",
"vendor": "polonel",
"versions": [
{
"lessThan": "1.2.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository polonel/trudesk prior to 1.2.3."
}
],
"value": "Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository polonel/trudesk prior to 1.2.3."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-212",
"description": "CWE-212 Improper Removal of Sensitive Information Before Storage or Transfer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-02T08:38:54.390Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/a1cfe61b-5248-4a73-9a80-0b764edc9b26"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/polonel/trudesk/commit/ae904d37eaa38bffebfbfe8e949c0385c63e3263"
}
],
"source": {
"advisory": "a1cfe61b-5248-4a73-9a80-0b764edc9b26",
"discovery": "EXTERNAL"
},
"title": "Improper Removal of Sensitive Information Before Storage or Transfer \t in polonel/trudesk",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1893",
"STATE": "PUBLIC",
"TITLE": "Exposure of Sensitive Information to an Unauthorized Actor in polonel/trudesk"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "polonel/trudesk",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1.2.3"
}
]
}
}
]
},
"vendor_name": "polonel"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository polonel/trudesk prior to 1.2.3."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/a1cfe61b-5248-4a73-9a80-0b764edc9b26",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/a1cfe61b-5248-4a73-9a80-0b764edc9b26"
},
{
"name": "https://github.com/polonel/trudesk/commit/ae904d37eaa38bffebfbfe8e949c0385c63e3263",
"refsource": "MISC",
"url": "https://github.com/polonel/trudesk/commit/ae904d37eaa38bffebfbfe8e949c0385c63e3263"
}
]
},
"source": {
"advisory": "a1cfe61b-5248-4a73-9a80-0b764edc9b26",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1893",
"datePublished": "2022-05-31T21:50:10",
"dateReserved": "2022-05-25T00:00:00",
"dateUpdated": "2024-08-03T00:17:00.932Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1926 (GCVE-0-2022-1926)
Vulnerability from cvelistv5 – Published: 2022-05-31 08:30 – Updated: 2024-08-03 00:17
Title
Integer Overflow or Wraparound in polonel/trudesk
Summary
Integer Overflow or Wraparound in GitHub repository polonel/trudesk prior to 1.2.3.
Severity ?
7.6 (High)
CWE
- CWE-190 - Integer Overflow or Wraparound
Assigner
References
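| URL | Tags |
|---|---|
| https://huntr.dev/bounties/3fda8902-68ee-4734-86a3-9551ab17c893 | x_refsource_CONFIRM |
| https://github.com/polonel/trudesk/commit/b7c15180b6d4e556ad05d0881eb72d8b2f1637a0 | x_refsource_MISC |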
Impacted products
| Vendor | Product | Version |
|---|---|---|
| polonel | polonel/trudesk | Affected: unspecified , < 1.2.3 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:17:00.968Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/3fda8902-68ee-4734-86a3-9551ab17c893"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/polonel/trudesk/commit/b7c15180b6d4e556ad05d0881eb72d8b2f1637a0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "polonel/trudesk",
"vendor": "polonel",
"versions": [
{
"lessThan": "1.2.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Integer Overflow or Wraparound in GitHub repository polonel/trudesk prior to 1.2.3."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190 Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-31T08:30:12",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/3fda8902-68ee-4734-86a3-9551ab17c893"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/polonel/trudesk/commit/b7c15180b6d4e556ad05d0881eb72d8b2f1637a0"
}
],
"source": {
"advisory": "3fda8902-68ee-4734-86a3-9551ab17c893",
"discovery": "EXTERNAL"
},
"title": "Integer Overflow or Wraparound in polonel/trudesk",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1926",
"STATE": "PUBLIC",
"TITLE": "Integer Overflow or Wraparound in polonel/trudesk"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "polonel/trudesk",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1.2.3"
}
]
}
}
]
},
"vendor_name": "polonel"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer Overflow or Wraparound in GitHub repository polonel/trudesk prior to 1.2.3."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-190 Integer Overflow or Wraparound"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/3fda8902-68ee-4734-86a3-9551ab17c893",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/3fda8902-68ee-4734-86a3-9551ab17c893"
},
{
"name": "https://github.com/polonel/trudesk/commit/b7c15180b6d4e556ad05d0881eb72d8b2f1637a0",
"refsource": "MISC",
"url": "https://github.com/polonel/trudesk/commit/b7c15180b6d4e556ad05d0881eb72d8b2f1637a0"
}
]
},
"source": {
"advisory": "3fda8902-68ee-4734-86a3-9551ab17c893",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1926",
"datePublished": "2022-05-31T08:30:12",
"dateReserved": "2022-05-28T00:00:00",
"dateUpdated": "2024-08-03T00:17:00.968Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1931 (GCVE-0-2022-1931)
Vulnerability from cvelistv5 – Published: 2022-05-31 01:25 – Updated: 2024-08-03 00:17
Title
Incorrect Synchronization in polonel/trudesk
Summary
Incorrect Synchronization in GitHub repository polonel/trudesk prior to 1.2.3.
Severity ?
9.1 (Critical)
CWE
- CWE-821 - Incorrect Synchronization
Assigner
References
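| URL | Tags |
|---|---|
| https://huntr.dev/bounties/50c4cb63-65db-41c5-a16d-0560d7131fde | x_refsource_CONFIRM |
| https://github.com/polonel/trudesk/commit/314540864dbf2c0eaa99aa42c3d317de9501eb67 | x_refsource_MISC |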
Impacted products
| Vendor | Product | Version |
|---|---|---|
| polonel | polonel/trudesk | Affected: unspecified , < 1.2.3 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:17:00.934Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/50c4cb63-65db-41c5-a16d-0560d7131fde"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/polonel/trudesk/commit/314540864dbf2c0eaa99aa42c3d317de9501eb67"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "polonel/trudesk",
"vendor": "polonel",
"versions": [
{
"lessThan": "1.2.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Incorrect Synchronization in GitHub repository polonel/trudesk prior to 1.2.3."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-821",
"description": "CWE-821 Incorrect Synchronization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-31T01:25:11",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/50c4cb63-65db-41c5-a16d-0560d7131fde"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/polonel/trudesk/commit/314540864dbf2c0eaa99aa42c3d317de9501eb67"
}
],
"source": {
"advisory": "50c4cb63-65db-41c5-a16d-0560d7131fde",
"discovery": "EXTERNAL"
},
"title": "Incorrect Synchronization in polonel/trudesk",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1931",
"STATE": "PUBLIC",
"TITLE": "Incorrect Synchronization in polonel/trudesk"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "polonel/trudesk",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1.2.3"
}
]
}
}
]
},
"vendor_name": "polonel"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Incorrect Synchronization in GitHub repository polonel/trudesk prior to 1.2.3."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-821 Incorrect Synchronization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/50c4cb63-65db-41c5-a16d-0560d7131fde",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/50c4cb63-65db-41c5-a16d-0560d7131fde"
},
{
"name": "https://github.com/polonel/trudesk/commit/314540864dbf2c0eaa99aa42c3d317de9501eb67",
"refsource": "MISC",
"url": "https://github.com/polonel/trudesk/commit/314540864dbf2c0eaa99aa42c3d317de9501eb67"
}
]
},
"source": {
"advisory": "50c4cb63-65db-41c5-a16d-0560d7131fde",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1931",
"datePublished": "2022-05-31T01:25:11",
"dateReserved": "2022-05-29T00:00:00",
"dateUpdated": "2024-08-03T00:17:00.934Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-45785 (GCVE-0-2021-45785)
Vulnerability from nvd – Published: 2024-06-24 00:00 – Updated: 2024-08-04 04:54
Summary
TruDesk Help Desk/Ticketing Solution v1.1.11 is vulnerable to a Cross-Site Request Forgery (CSRF) attack which would allow an attacker to restart the server, causing a DoS attack. The attacker must craft a webpage that would perform a GET request to the /api/v1/admin/restart endpoint, then the victim (who has sufficient privileges), would visit the page and the server restart would begin. The attacker must know the full URL that TruDesk is on in order to craft the webpage.
Severity ?
4.3 (Medium)
CWE
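- n/a in the CNA container; the CISA ADP container in the JSON below assigns CWE-352 Cross-Site Request Forgery (CSRF)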
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:trudesk_project:trudesk:1.1.11:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "trudesk",
"vendor": "trudesk_project",
"versions": [
{
"status": "affected",
"version": "1.1.11"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-45785",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-25T14:56:30.554884Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-25T14:58:10.296Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:54:29.505Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://1d8.github.io/cves/cve_2021_45785/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TruDesk Help Desk/Ticketing Solution v1.1.11 is vulnerable to a Cross-Site Request Forgery (CSRF) attack which would allow an attacker to restart the server, causing a DoS attack. The attacker must craft a webpage that would perform a GET request to the /api/v1/admin/restart endpoint, then the victim (who has sufficient privileges), would visit the page and the server restart would begin. The attacker must know the full URL that TruDesk is on in order to craft the webpage."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-24T18:58:17.226777",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://1d8.github.io/cves/cve_2021_45785/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-45785",
"datePublished": "2024-06-24T00:00:00",
"dateReserved": "2021-12-27T00:00:00",
"dateUpdated": "2024-08-04T04:54:29.505Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-26982 (GCVE-0-2023-26982)
Vulnerability from nvd – Published: 2023-03-29 00:00 – Updated: 2025-02-18 16:33
Summary
Trudesk v1.2.6 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Add Tags parameter under the Create Ticket function.
Severity ?
5.4 (Medium)
CWE
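- n/a in the CNA container; the CISA ADP container in the JSON below assigns CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')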
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:01:32.037Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/polonel/trudesk/releases/tag/v1.2.6"
},
{
"tags": [
"x_transferred"
],
"url": "https://trudesk.io/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/bypazs/CVE-2023-26982"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-26982",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-18T16:32:47.380156Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-18T16:33:56.157Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Trudesk v1.2.6 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Add Tags parameter under the Create Ticket function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-29T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/polonel/trudesk/releases/tag/v1.2.6"
},
{
"url": "https://trudesk.io/"
},
{
"url": "https://github.com/bypazs/CVE-2023-26982"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-26982",
"datePublished": "2023-03-29T00:00:00.000Z",
"dateReserved": "2023-02-27T00:00:00.000Z",
"dateUpdated": "2025-02-18T16:33:56.157Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2128 (GCVE-0-2022-2128)
Vulnerability from nvd – Published: 2022-06-20 16:45 – Updated: 2024-08-03 00:24
Title
Unrestricted Upload of File with Dangerous Type in polonel/trudesk
Summary
Unrestricted Upload of File with Dangerous Type in GitHub repository polonel/trudesk prior to 1.2.4.
Severity ?
9.6 (Critical)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
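| URL | Tags |
|---|---|
| https://huntr.dev/bounties/ec40ec76-c7db-4384-a33b-024f3dd21d75 | x_refsource_CONFIRM |
| https://github.com/polonel/trudesk/commit/fb2ef82b0a39d0a560a261e07c3c73ba25332ecb | x_refsource_MISC |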
Impacted products
| Vendor | Product | Version |
|---|---|---|
| polonel | polonel/trudesk | Affected: unspecified , < 1.2.4 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:24:44.261Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/ec40ec76-c7db-4384-a33b-024f3dd21d75"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/polonel/trudesk/commit/fb2ef82b0a39d0a560a261e07c3c73ba25332ecb"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "polonel/trudesk",
"vendor": "polonel",
"versions": [
{
"lessThan": "1.2.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unrestricted Upload of File with Dangerous Type in GitHub repository polonel/trudesk prior to 1.2.4."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-20T16:45:16",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/ec40ec76-c7db-4384-a33b-024f3dd21d75"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/polonel/trudesk/commit/fb2ef82b0a39d0a560a261e07c3c73ba25332ecb"
}
],
"source": {
"advisory": "ec40ec76-c7db-4384-a33b-024f3dd21d75",
"discovery": "EXTERNAL"
},
"title": "Unrestricted Upload of File with Dangerous Type in polonel/trudesk",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-2128",
"STATE": "PUBLIC",
"TITLE": "Unrestricted Upload of File with Dangerous Type in polonel/trudesk"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "polonel/trudesk",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1.2.4"
}
]
}
}
]
},
"vendor_name": "polonel"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unrestricted Upload of File with Dangerous Type in GitHub repository polonel/trudesk prior to 1.2.4."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-434 Unrestricted Upload of File with Dangerous Type"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/ec40ec76-c7db-4384-a33b-024f3dd21d75",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/ec40ec76-c7db-4384-a33b-024f3dd21d75"
},
{
"name": "https://github.com/polonel/trudesk/commit/fb2ef82b0a39d0a560a261e07c3c73ba25332ecb",
"refsource": "MISC",
"url": "https://github.com/polonel/trudesk/commit/fb2ef82b0a39d0a560a261e07c3c73ba25332ecb"
}
]
},
"source": {
"advisory": "ec40ec76-c7db-4384-a33b-024f3dd21d75",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-2128",
"datePublished": "2022-06-20T16:45:16",
"dateReserved": "2022-06-18T00:00:00",
"dateUpdated": "2024-08-03T00:24:44.261Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2023 (GCVE-0-2022-2023)
Vulnerability from nvd – Published: 2022-06-20 04:00 – Updated: 2024-08-03 00:24
Title
Incorrect Use of Privileged APIs in polonel/trudesk
Summary
Incorrect Use of Privileged APIs in GitHub repository polonel/trudesk prior to 1.2.4.
Severity ?
10 (Critical)
CWE
- CWE-648 - Incorrect Use of Privileged APIs
Assigner
References
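| URL | Tags |
|---|---|
| https://huntr.dev/bounties/0f35b1d3-56e6-49e4-bc5a-830f52e094b3 | x_refsource_CONFIRM |
| https://github.com/polonel/trudesk/commit/83fd5a89319ba2c2f5934722e39b08aba9b3a4ac | x_refsource_MISC |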
Impacted products
| Vendor | Product | Version |
|---|---|---|
| polonel | polonel/trudesk | Affected: unspecified, < 1.2.4 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:24:44.032Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/0f35b1d3-56e6-49e4-bc5a-830f52e094b3"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/polonel/trudesk/commit/83fd5a89319ba2c2f5934722e39b08aba9b3a4ac"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "polonel/trudesk",
"vendor": "polonel",
"versions": [
{
"lessThan": "1.2.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Incorrect Use of Privileged APIs in GitHub repository polonel/trudesk prior to 1.2.4."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-648",
"description": "CWE-648 Incorrect Use of Privileged APIs",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-20T04:00:19",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/0f35b1d3-56e6-49e4-bc5a-830f52e094b3"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/polonel/trudesk/commit/83fd5a89319ba2c2f5934722e39b08aba9b3a4ac"
}
],
"source": {
"advisory": "0f35b1d3-56e6-49e4-bc5a-830f52e094b3",
"discovery": "EXTERNAL"
},
"title": "Incorrect Use of Privileged APIs in polonel/trudesk",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-2023",
"STATE": "PUBLIC",
"TITLE": "Incorrect Use of Privileged APIs in polonel/trudesk"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "polonel/trudesk",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1.2.4"
}
]
}
}
]
},
"vendor_name": "polonel"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Incorrect Use of Privileged APIs in GitHub repository polonel/trudesk prior to 1.2.4."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-648 Incorrect Use of Privileged APIs"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/0f35b1d3-56e6-49e4-bc5a-830f52e094b3",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/0f35b1d3-56e6-49e4-bc5a-830f52e094b3"
},
{
"name": "https://github.com/polonel/trudesk/commit/83fd5a89319ba2c2f5934722e39b08aba9b3a4ac",
"refsource": "MISC",
"url": "https://github.com/polonel/trudesk/commit/83fd5a89319ba2c2f5934722e39b08aba9b3a4ac"
}
]
},
"source": {
"advisory": "0f35b1d3-56e6-49e4-bc5a-830f52e094b3",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-2023",
"datePublished": "2022-06-20T04:00:19",
"dateReserved": "2022-06-08T00:00:00",
"dateUpdated": "2024-08-03T00:24:44.032Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1947 (GCVE-0-2022-1947)
Vulnerability from nvd – Published: 2022-05-31 22:20 – Updated: 2024-08-03 00:24
Title
Use of Incorrect Operator in polonel/trudesk
Summary
Use of Incorrect Operator in GitHub repository polonel/trudesk prior to 1.2.3.
Severity ?
9.1 (Critical)
CWE
- CWE-480 - Use of Incorrect Operator
Assigner
References
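| URL | Tags |
|---|---|
| https://huntr.dev/bounties/cb4d0ab3-51ba-4a42-9e38-ac0e544266f1 | x_refsource_CONFIRM |
| https://github.com/polonel/trudesk/commit/a9e38f25c2af2722dee4fdafb2fb70d30d5106c5 | x_refsource_MISC |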
Impacted products
| Vendor | Product | Version |
|---|---|---|
| polonel | polonel/trudesk | Affected: unspecified, < 1.2.3 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:24:42.637Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/cb4d0ab3-51ba-4a42-9e38-ac0e544266f1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/polonel/trudesk/commit/a9e38f25c2af2722dee4fdafb2fb70d30d5106c5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "polonel/trudesk",
"vendor": "polonel",
"versions": [
{
"lessThan": "1.2.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use of Incorrect Operator in GitHub repository polonel/trudesk prior to 1.2.3."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-480",
"description": "CWE-480 Use of Incorrect Operator",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-31T22:20:11",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/cb4d0ab3-51ba-4a42-9e38-ac0e544266f1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/polonel/trudesk/commit/a9e38f25c2af2722dee4fdafb2fb70d30d5106c5"
}
],
"source": {
"advisory": "cb4d0ab3-51ba-4a42-9e38-ac0e544266f1",
"discovery": "EXTERNAL"
},
"title": "Use of Incorrect Operator in polonel/trudesk",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1947",
"STATE": "PUBLIC",
"TITLE": "Use of Incorrect Operator in polonel/trudesk"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "polonel/trudesk",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1.2.3"
}
]
}
}
]
},
"vendor_name": "polonel"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use of Incorrect Operator in GitHub repository polonel/trudesk prior to 1.2.3."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-480 Use of Incorrect Operator"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/cb4d0ab3-51ba-4a42-9e38-ac0e544266f1",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/cb4d0ab3-51ba-4a42-9e38-ac0e544266f1"
},
{
"name": "https://github.com/polonel/trudesk/commit/a9e38f25c2af2722dee4fdafb2fb70d30d5106c5",
"refsource": "MISC",
"url": "https://github.com/polonel/trudesk/commit/a9e38f25c2af2722dee4fdafb2fb70d30d5106c5"
}
]
},
"source": {
"advisory": "cb4d0ab3-51ba-4a42-9e38-ac0e544266f1",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1947",
"datePublished": "2022-05-31T22:20:11",
"dateReserved": "2022-05-30T00:00:00",
"dateUpdated": "2024-08-03T00:24:42.637Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1808 (GCVE-0-2022-1808)
Vulnerability from nvd – Published: 2022-05-31 22:00 – Updated: 2024-08-03 00:16
Title
Execution with Unnecessary Privileges in polonel/trudesk
Summary
Execution with Unnecessary Privileges in GitHub repository polonel/trudesk prior to 1.2.3.
Severity ?
8.8 (High)
CWE
- CWE-250 - Execution with Unnecessary Privileges
Assigner
References
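| URL | Tags |
|---|---|
| https://huntr.dev/bounties/9-polonel/trudesk | x_refsource_CONFIRM |
| https://github.com/polonel/trudesk/commit/f739eac6fc52adc0cba83a49034100e5b99ac7c8 | x_refsource_MISC |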
Impacted products
| Vendor | Product | Version |
|---|---|---|
| polonel | polonel/trudesk | Affected: unspecified, < 1.2.3 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:16:59.940Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/9-polonel/trudesk"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/polonel/trudesk/commit/f739eac6fc52adc0cba83a49034100e5b99ac7c8"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "polonel/trudesk",
"vendor": "polonel",
"versions": [
{
"lessThan": "1.2.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Execution with Unnecessary Privileges in GitHub repository polonel/trudesk prior to 1.2.3."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-250",
"description": "CWE-250 Execution with Unnecessary Privileges",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-31T22:00:13",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/9-polonel/trudesk"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/polonel/trudesk/commit/f739eac6fc52adc0cba83a49034100e5b99ac7c8"
}
],
"source": {
"advisory": "9-polonel/trudesk",
"discovery": "EXTERNAL"
},
"title": "Execution with Unnecessary Privileges in polonel/trudesk",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1808",
"STATE": "PUBLIC",
"TITLE": "Execution with Unnecessary Privileges in polonel/trudesk"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "polonel/trudesk",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1.2.3"
}
]
}
}
]
},
"vendor_name": "polonel"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Execution with Unnecessary Privileges in GitHub repository polonel/trudesk prior to 1.2.3."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-250 Execution with Unnecessary Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/9-polonel/trudesk",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/9-polonel/trudesk"
},
{
"name": "https://github.com/polonel/trudesk/commit/f739eac6fc52adc0cba83a49034100e5b99ac7c8",
"refsource": "MISC",
"url": "https://github.com/polonel/trudesk/commit/f739eac6fc52adc0cba83a49034100e5b99ac7c8"
}
]
},
"source": {
"advisory": "9-polonel/trudesk",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1808",
"datePublished": "2022-05-31T22:00:13",
"dateReserved": "2022-05-20T00:00:00",
"dateUpdated": "2024-08-03T00:16:59.940Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1893 (GCVE-0-2022-1893)
Vulnerability from nvd – Published: 2022-05-31 21:50 – Updated: 2024-08-03 00:17
Title
Improper Removal of Sensitive Information Before Storage or Transfer in polonel/trudesk
Summary
Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository polonel/trudesk prior to 1.2.3.
Severity ?
4.6 (Medium)
CWE
- CWE-212 - Improper Removal of Sensitive Information Before Storage or Transfer
Assigner
References
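| URL | Tags |
|---|---|
| https://huntr.dev/bounties/a1cfe61b-5248-4a73-9a80-0b764edc9b26 | x_refsource_CONFIRM |
| https://github.com/polonel/trudesk/commit/ae904d37eaa38bffebfbfe8e949c0385c63e3263 | x_refsource_MISC |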
Impacted products
| Vendor | Product | Version |
|---|---|---|
| polonel | polonel/trudesk | Affected: unspecified, < 1.2.3 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:17:00.932Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/a1cfe61b-5248-4a73-9a80-0b764edc9b26"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/polonel/trudesk/commit/ae904d37eaa38bffebfbfe8e949c0385c63e3263"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "polonel/trudesk",
"vendor": "polonel",
"versions": [
{
"lessThan": "1.2.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository polonel/trudesk prior to 1.2.3."
}
],
"value": "Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository polonel/trudesk prior to 1.2.3."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-212",
"description": "CWE-212 Improper Removal of Sensitive Information Before Storage or Transfer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-02T08:38:54.390Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/a1cfe61b-5248-4a73-9a80-0b764edc9b26"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/polonel/trudesk/commit/ae904d37eaa38bffebfbfe8e949c0385c63e3263"
}
],
"source": {
"advisory": "a1cfe61b-5248-4a73-9a80-0b764edc9b26",
"discovery": "EXTERNAL"
},
"title": "Improper Removal of Sensitive Information Before Storage or Transfer \t in polonel/trudesk",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1893",
"STATE": "PUBLIC",
"TITLE": "Exposure of Sensitive Information to an Unauthorized Actor in polonel/trudesk"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "polonel/trudesk",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1.2.3"
}
]
}
}
]
},
"vendor_name": "polonel"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository polonel/trudesk prior to 1.2.3."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/a1cfe61b-5248-4a73-9a80-0b764edc9b26",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/a1cfe61b-5248-4a73-9a80-0b764edc9b26"
},
{
"name": "https://github.com/polonel/trudesk/commit/ae904d37eaa38bffebfbfe8e949c0385c63e3263",
"refsource": "MISC",
"url": "https://github.com/polonel/trudesk/commit/ae904d37eaa38bffebfbfe8e949c0385c63e3263"
}
]
},
"source": {
"advisory": "a1cfe61b-5248-4a73-9a80-0b764edc9b26",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1893",
"datePublished": "2022-05-31T21:50:10",
"dateReserved": "2022-05-25T00:00:00",
"dateUpdated": "2024-08-03T00:17:00.932Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1926 (GCVE-0-2022-1926)
Vulnerability from nvd – Published: 2022-05-31 08:30 – Updated: 2024-08-03 00:17
Title
Integer Overflow or Wraparound in polonel/trudesk
Summary
Integer Overflow or Wraparound in GitHub repository polonel/trudesk prior to 1.2.3.
Severity ?
7.6 (High)
CWE
- CWE-190 - Integer Overflow or Wraparound
Assigner
References
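| URL | Tags |
|---|---|
| https://huntr.dev/bounties/3fda8902-68ee-4734-86a3-9551ab17c893 | x_refsource_CONFIRM |
| https://github.com/polonel/trudesk/commit/b7c15180b6d4e556ad05d0881eb72d8b2f1637a0 | x_refsource_MISC |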
Impacted products
| Vendor | Product | Version |
|---|---|---|
| polonel | polonel/trudesk | Affected: unspecified, < 1.2.3 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:17:00.968Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/3fda8902-68ee-4734-86a3-9551ab17c893"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/polonel/trudesk/commit/b7c15180b6d4e556ad05d0881eb72d8b2f1637a0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "polonel/trudesk",
"vendor": "polonel",
"versions": [
{
"lessThan": "1.2.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Integer Overflow or Wraparound in GitHub repository polonel/trudesk prior to 1.2.3."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190 Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-31T08:30:12",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/3fda8902-68ee-4734-86a3-9551ab17c893"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/polonel/trudesk/commit/b7c15180b6d4e556ad05d0881eb72d8b2f1637a0"
}
],
"source": {
"advisory": "3fda8902-68ee-4734-86a3-9551ab17c893",
"discovery": "EXTERNAL"
},
"title": "Integer Overflow or Wraparound in polonel/trudesk",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1926",
"STATE": "PUBLIC",
"TITLE": "Integer Overflow or Wraparound in polonel/trudesk"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "polonel/trudesk",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1.2.3"
}
]
}
}
]
},
"vendor_name": "polonel"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer Overflow or Wraparound in GitHub repository polonel/trudesk prior to 1.2.3."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-190 Integer Overflow or Wraparound"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/3fda8902-68ee-4734-86a3-9551ab17c893",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/3fda8902-68ee-4734-86a3-9551ab17c893"
},
{
"name": "https://github.com/polonel/trudesk/commit/b7c15180b6d4e556ad05d0881eb72d8b2f1637a0",
"refsource": "MISC",
"url": "https://github.com/polonel/trudesk/commit/b7c15180b6d4e556ad05d0881eb72d8b2f1637a0"
}
]
},
"source": {
"advisory": "3fda8902-68ee-4734-86a3-9551ab17c893",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1926",
"datePublished": "2022-05-31T08:30:12",
"dateReserved": "2022-05-28T00:00:00",
"dateUpdated": "2024-08-03T00:17:00.968Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1931 (GCVE-0-2022-1931)
Vulnerability from nvd – Published: 2022-05-31 01:25 – Updated: 2024-08-03 00:17
Title
Incorrect Synchronization in polonel/trudesk
Summary
Incorrect Synchronization in GitHub repository polonel/trudesk prior to 1.2.3.
Severity ?
9.1 (Critical)
CWE
- CWE-821 - Incorrect Synchronization
Assigner
References
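| URL | Tags |
|---|---|
| https://huntr.dev/bounties/50c4cb63-65db-41c5-a16d-0560d7131fde | x_refsource_CONFIRM |
| https://github.com/polonel/trudesk/commit/314540864dbf2c0eaa99aa42c3d317de9501eb67 | x_refsource_MISC |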
Impacted products
| Vendor | Product | Version |
|---|---|---|
| polonel | polonel/trudesk | Affected: unspecified, < 1.2.3 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:17:00.934Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/50c4cb63-65db-41c5-a16d-0560d7131fde"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/polonel/trudesk/commit/314540864dbf2c0eaa99aa42c3d317de9501eb67"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "polonel/trudesk",
"vendor": "polonel",
"versions": [
{
"lessThan": "1.2.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Incorrect Synchronization in GitHub repository polonel/trudesk prior to 1.2.3."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-821",
"description": "CWE-821 Incorrect Synchronization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-31T01:25:11",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/50c4cb63-65db-41c5-a16d-0560d7131fde"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/polonel/trudesk/commit/314540864dbf2c0eaa99aa42c3d317de9501eb67"
}
],
"source": {
"advisory": "50c4cb63-65db-41c5-a16d-0560d7131fde",
"discovery": "EXTERNAL"
},
"title": "Incorrect Synchronization in polonel/trudesk",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1931",
"STATE": "PUBLIC",
"TITLE": "Incorrect Synchronization in polonel/trudesk"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "polonel/trudesk",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1.2.3"
}
]
}
}
]
},
"vendor_name": "polonel"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Incorrect Synchronization in GitHub repository polonel/trudesk prior to 1.2.3."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-821 Incorrect Synchronization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/50c4cb63-65db-41c5-a16d-0560d7131fde",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/50c4cb63-65db-41c5-a16d-0560d7131fde"
},
{
"name": "https://github.com/polonel/trudesk/commit/314540864dbf2c0eaa99aa42c3d317de9501eb67",
"refsource": "MISC",
"url": "https://github.com/polonel/trudesk/commit/314540864dbf2c0eaa99aa42c3d317de9501eb67"
}
]
},
"source": {
"advisory": "50c4cb63-65db-41c5-a16d-0560d7131fde",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1931",
"datePublished": "2022-05-31T01:25:11",
"dateReserved": "2022-05-29T00:00:00",
"dateUpdated": "2024-08-03T00:17:00.934Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}