CVE-2022-4766

EPSS 0.15%
Veröffentlicht 27.12.2022 13:15:11
Zuletzt bearbeitet 21.11.2024 07:35:53
Quelle cna@vuldb.com
CVE-Watchlists
Login
Unerledigt
Login

A vulnerability was found in dolibarr_project_timesheet up to 4.5.5. It has been declared as problematic. This vulnerability affects unknown code of the component Form Handler. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. Upgrading to version 4.5.6.a is able to address this issue. The name of the patch is 082282e9dab43963e6c8f03cfaddd7921de377f4. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216880.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 8

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Dolibarr Project Timesheet Project ≫ Dolibarr Project Timesheet SwPlatformdolibarr Version < 4.5.6

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.15%	0.356

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
cna@vuldb.com	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

https://github.com/delcroip/dolibarr_project_timesheet/commit/082282e9dab43963e6c8f03cfaddd7921de377f4

Patch

Third Party Advisory

https://github.com/delcroip/dolibarr_project_timesheet/pull/200

Patch

Third Party Advisory

https://github.com/delcroip/dolibarr_project_timesheet/releases/tag/4.5.6.a

Third Party Advisory

Release Notes

https://vuldb.com/?ctiid.216880

Third Party Advisory

https://vuldb.com/?id.216880