Lucene search

GitHub Advisory DatabaseGHSA-57Q5-H622-3CPX

HistoryApr 02, 2024 - 3:30 a.m.

UVDesk Community Helpdesk Improper Privilege Management

2024-04-0203:30:43

CWE-269

GitHub Advisory Database

github.com

uvdesk

community

helpdesk

privilege management

software

7.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N

7.2 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Improper Privilege Management in uvdesk/community-skeleton

Affected configurations

Vulners

Node

uvdeskcommunity-skeletonRange≤1.1.1

CPENameOperatorVersion
uvdesk/core-frameworkle1.1.1

CPE	Name	Operator	Version
	uvdesk/core-framework	le	1.1.1

References

github.com/advisories/GHSA-57q5-h622-3cpx

github.com/uvdesk/core-framework/blob/master/Controller/Thread.php#L44

huntr.com/bounties/faf74783-644c-40cd-aa98-2239e5fafcd1

nvd.nist.gov/vuln/detail/CVE-2024-3137

7.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N

7.2 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for GHSA-57Q5-H622-3CPX