Frappe » Erpnext » 11.0.3 beta35 : Security Vulnerabilities, CVEs,

cpe:2.3:a:frappe:erpnext:11.0.3:beta35:*:*:*:*:*:*

CVE-2022-23055

In ERPNext, versions v11.0.0-beta through v13.0.2 are vulnerable to Missing Authorization, in the chat rooms functionality. A low privileged attacker can send a direct message or a group message to any member or group, impersonating themselves as the administrator. The attacker can also read chat messages of groups that they do not belong to, and of other users.
Max CVSS
5.5
EPSS Score
0.05%
Published
2022-06-22
Updated
2022-10-29
1 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close