Vulnerability Details : CVE-2022-41708
Relatedcode's Messenger version 7bcd20b allows an authenticated external attacker to access existing chats in the workspaces of any user of the application. This is possible because the application does not validate permissions correctly.
Products affected by CVE-2022-41708
- cpe:2.3:a:relatedcode:messenger:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-41708
- 0.05%: Probability of exploitation activity in the next 30 days
- ~ 21%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-41708
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 2.8 | 1.4 | NIST | |
CWE ids for CVE-2022-41708
- The product does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended. Assigned by: nvd@nist.gov (Primary)
References for CVE-2022-41708
- https://fluidattacks.com/advisories/tiesto/
  relatedcode/Messenger 7bcd20b - Broken Access Control | Fluid Attacks (Exploit; Third Party Advisory)
- https://github.com/relatedcode/Messenger
  GitHub - relatedcode/Messenger: Open source alternative communication platform. (Product; Third Party Advisory)