CVE-2022-3741
CVSS V2 None
CVSS V3 Critical 9.8
Description
Impact varies for each individual vulnerability in the application. For generation of accounts, it may be possible, depending on the amount of system resources available, to create a DoS event in the server. These accounts still need to be activated; however, it is possible to identify the output Status Code to separate accounts that are generated and waiting for email verification. \n\nFor the sign in directories, it is possible to brute force login attempts to either login portal, which could lead to account compromise.
Overview
- CVE ID
- CVE-2022-3741
- Assigner
- security@huntr.dev
- Vulnerability Status
- Analyzed
- Published Version
- 2022-10-28T13:15:16
- Last Modified Date
- 2022-11-01T18:45:08
Weakness Enumerations
CPE Configuration (Product)
| CPE | Vulnerable | Operator | Version Start | Version End |
|---|---|---|---|---|
| cpe:2.3:a:chatwoot:chatwoot:*:*:*:*:*:*:*:* | 1 | OR | 2.10.0 |
CVSS Version 3
- Version
- 3.1
- Vector String
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Attack Vector
- NETWORK
- Attack Compatibility
- LOW
- Privileges Required
- NONE
- User Interaction
- NONE
- Scope
- UNCHANGED
- Confidentiality Impact
- HIGH
- Availability Impact
- HIGH
- Base Score
- 9.8
- Base Severity
- CRITICAL
- Exploitability Score
- 3.9
- Impact Score
- 5.9
References
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2022-3741 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3741 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2022-10-28 14:00:18 | Added to TrackCVE | |||
| 2022-12-07 13:44:44 | 2022-10-28T13:15Z | 2022-10-28T13:15:16 | CVE Published Date | updated |
| 2022-12-07 13:44:44 | 2022-11-01T18:45:08 | CVE Modified Date | updated | |
| 2022-12-07 13:44:44 | Analyzed | Vulnerability Status | updated |