Vulnerability Details CVE-2022-22108
Daybyday CRM versions 2.0.0 through 2.2.0 are vulnerable to Missing Authorization. An attacker with the lowest-privileged account (an employee-type user) can view the absences of all users in the system, including administrators. This type of user is not authorized to view this kind of information.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 36.5%
CVSS Severity
CVSS v3 Score 4.3
CVSS v2 Score 4.0
Products affected by CVE-2022-22108
- cpe:2.3:a:daybydaycrm:daybyday_crm:2.2.0