Lucene search

[email protected]NVD:CVE-2022-43340

HistoryOct 27, 2022 - 8:15 p.m.

CVE-2022-43340

2022-10-2720:15:34

CWE-352

[email protected]

web.nvd.nist.gov

cve-2022-43340

cross-site request forgery

dzzoffice 2.02.1_sc_utf8

user accounts

administrator rights

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

58.5%

JSON

A Cross-Site Request Forgery (CSRF) in dzzoffice 2.02.1_SC_UTF8 allows attackers to arbitrarily create user accounts and grant Administrator rights to regular users.

Affected configurations

Nvd

Node

dzzofficedzzofficeMatch2.02.1

VendorProductVersionCPE
dzzofficedzzoffice2.02.1cpe:2.3:a:dzzoffice:dzzoffice:2.02.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
dzzoffice	dzzoffice	2.02.1	cpe:2.3:a:dzzoffice:dzzoffice:2.02.1:::::::*

References

dzzoffice.com

github.com/zyx0814/dzzoffice

github.com/zyx0814/dzzoffice/issues/223

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

58.5%

JSON

Related for NVD:CVE-2022-43340

prion1 cvelist1 osv1 cve1