Lucene search
GoogleOSV:GHSA-FRXP-XXX8-HRG6HistoryJan 08, 2022 - 12:31 a.m.
Missing Authorization in DayByDay CRM
2022-01-0800:31:52
Google
osv.dev
7
0.001 Low
EPSS
Percentile
19.5%
In Daybyday CRM, versions 2.0.0 through 2.2.0 are vulnerable to Missing Authorization. An attacker that has the lowest privileges account (employee type user), can view the absences of all users in the system including administrators. This type of user is not authorized to view this kind of information.
| CPE | Name | Operator | Version |
|---|---|---|---|
| bottelet/flarepoint | eq | 2.2.0 | |
| bottelet/flarepoint | eq | 2.0.0 | |
| bottelet/flarepoint | eq | 2.1.0 |
Related
cvelist
cvelist
CVE-2022-22108 DayByDay CRM - Missing Authorization when Viewing Absences
2022-01-05 15:05:18
nvd
nvd
CVE-2022-22108
2022-01-05 15:15:07
cnvd
cnvd
DayByDay CRM Information Disclosure Vulnerability (CNVD-2022-68548)
2022-01-06 00:00:00
github
github
Missing Authorization in DayByDay CRM
2022-01-08 00:31:52
osv
osv
CVE-2022-22108
2022-01-05 15:15:07
prion
prion
Authorization
2022-01-05 15:15:00
cve
cve
CVE-2022-22108
2022-01-05 15:15:07