GSA_kwCzR0hTQS1xaG04LTY5cWgtZzc2as4AAuZO

High EPSS: 0.00373% (0.58167 Percentile) EPSS:

Permalink JSON

Missing password strength check in notrinos/notrinos-erp

Affected Packages	Affected Versions	Fixed Versions
packagist:notrinos/notrinos-erp	< 0.7	0.7
0 Dependent packages 0 Dependent repositories 337 Downloads total Affected Version Ranges All affected versions All unaffected versions

In versions of notrinos/notrinoserp prior to 0.7 new account passwords were missing a password strength check.

References:

https://nvd.nist.gov/vuln/detail/CVE-2022-2927
https://github.com/notrinos/notrinoserp/commit/e61e76b44c6a2b28a4a648a06ef34f65c376ec1e
https://huntr.dev/bounties/7fa956dd-f541-4dcd-987d-ba15caa6a886
https://github.com/advisories/GHSA-qhm8-69qh-g76j

Identifiers

GHSA-qhm8-69qh-g76j

CVE-2022-2927

Risk

Severity

High

EPSS

EPSS Percentage: 0.00373

EPSS Percentile: 0.58167

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/notrinos/notrinoserp

Date and time

Published

about 3 years ago

Updated

almost 3 years ago

API

JSON

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Advisories