CVE-2022-23055
ERPNEXT up to v13.0.2 has a Missing Authorization issue in the chat rooms feature. A low-privilege attacker can impersonate the administrator to send direct or group messages and can read chat messages from groups or users they do not belong to. Root cause described as missing authorization in th...