Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS00NGd2LWZnY2otdzU0Ns0g7w

Moderate EPSS: 0.00151% (0.36483 Percentile) EPSS:
Permalink JSON

Missing Authorization in DayByDay CRM

Affected Packages Affected Versions Fixed Versions
packagist:bottelet/flarepoint >= 2.0.0, < 2.2.1 2.2.1
0 Dependent packages
0 Dependent repositories
72 Downloads total

Affected Version Ranges

All affected versions

2.0.0, 2.1.0, 2.2.0

All unaffected versions

1.1.1, 1.1.2, 1.1.3, 1.1.4, 1.1.5, 1.1.6, 1.3.1, 1.3.2, 1.3.3, 1.3.4, 1.3.5, 1.3.6, 1.3.7, 2.2.1

In Daybyday CRM, versions 2.0.0 through 2.2.0 are vulnerable to Missing Authorization. An attacker that has the lowest privileges account (employee type user), can view the appointments of all users in the system including administrators. However, this type of user is not authorized to view the calendar at all.

References:

Identifiers

GHSA-44gv-fgcj-w546

CVE-2022-22107

Risk

Severity

Moderate

EPSS

EPSS Percentage: 0.00151

EPSS Percentile: 0.36483

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/Bottelet/DaybydayCRM

Date and time

Published

over 3 years ago

Updated

over 2 years ago

API

JSON