Lucene search

GitHub Advisory DatabaseGHSA-5CMW-FHQ9-8FHH

HistoryApr 01, 2022 - 12:00 a.m.

Type Confusion in LiveHelperChat

2022-04-0100:00:40

CWE-843

GitHub Advisory Database

github.com

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

51.1%

JSON

Live Helper Chat provides live support for your website. Loose comparison causes IDOR on multiple endpoints in LiveHelperChat prior to 3.96. There is a fix released in versions 3.96 and 3.97. Currently, there is no known workaround.

Affected configurations

Vulners

Node

remdexlivehelperchatRange<3.96

CPENameOperatorVersion
remdex/livehelperchatlt3.96

CPE	Name	Operator	Version
	remdex/livehelperchat	lt	3.96

References

github.com/advisories/GHSA-5cmw-fhq9-8fhh

github.com/livehelperchat/livehelperchat/commit/72c0df160bfe9838c618652facef29af99392ce3

huntr.dev/bounties/3e30171b-c9bf-415c-82f1-6f55a44d09d3

nvd.nist.gov/vuln/detail/CVE-2022-1176

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

51.1%

JSON

Related for GHSA-5CMW-FHQ9-8FHH