CVE-2022-3741
Last modified
CVE-2022-3741 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. Impact varies for each individual vulnerability in the application. For generation of accounts, it may be possible, depending on the amount of system resources available, to create a DoS event in the server. EPSS estimates a 0.88% chance of exploitation in the next 30 days.
Description
Impact varies for each individual vulnerability in the application. For generation of accounts, it may be possible, depending on the amount of system resources available, to create a DoS event in the server. These accounts still need to be activated; however, it is possible to identify the output Status Code to separate accounts that are generated and waiting for email verification. \n\nFor the sign in directories, it is possible to brute force login attempts to either login portal, which could lead to account compromise.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Chatwoot | Chatwoot | < 2.10.0 |
References
- https://github.com/chatwoot/chatwoot/commit/9525d4f0346a2fdac13a0253f9180d20104a72d3Patch, Third Party Advisory
- https://huntr.dev/bounties/46f6e07e-f438-4540-938a-510047f987d0Exploit, Issue Tracking, Patch, Third Party Advisory
- https://github.com/chatwoot/chatwoot/commit/9525d4f0346a2fdac13a0253f9180d20104a72d3Patch, Third Party Advisory
- https://huntr.dev/bounties/46f6e07e-f438-4540-938a-510047f987d0Exploit, Issue Tracking, Patch, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2022-3741?
How severe is CVE-2022-3741?
How do I fix CVE-2022-3741?
Are you affected by CVE-2022-3741?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST