Skip to main content

Trudesk CVE-2022-1803

MEDIUM
Improper Restriction of Rendered UI Layers or Frames (CWE-1021)
2022-05-20 security@huntr.dev
6.9
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.9 MEDIUM
AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:L/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:L/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
Required
Scope
Changed
Confidentiality
None
Integrity
Low
Availability
High

Lifecycle Timeline

1
CVE Published
May 20, 2022 - 22:16 nvd
MEDIUM 6.9

DescriptionNVD

Improper Restriction of Rendered UI Layers or Frames in GitHub repository polonel/trudesk prior to 1.2.2.

AnalysisAI

Improper Restriction of Rendered UI Layers or Frames in GitHub repository polonel/trudesk prior to 1.2.2. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Technical ContextAI

This vulnerability is classified under CWE-1021. Improper Restriction of Rendered UI Layers or Frames in GitHub repository polonel/trudesk prior to 1.2.2. Affected products include: Trudesk Project Trudesk. Version information: prior to 1.2.2..

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2022-2128 CRITICAL POC
9.8 Jun 20

Unrestricted Upload of File with Dangerous Type in GitHub repository polonel/trudesk prior to 1.2.4. Rated critical seve

CVE-2022-2023 CRITICAL POC
9.8 Jun 20

Incorrect Use of Privileged APIs in GitHub repository polonel/trudesk prior to 1.2.4. Rated critical severity (CVSS 9.8)

CVE-2022-1775 CRITICAL POC
9.8 May 20

Weak Password Requirements in GitHub repository polonel/trudesk prior to 1.2.2. Rated critical severity (CVSS 9.8), this

CVE-2022-1808 HIGH POC
8.8 May 31

Execution with Unnecessary Privileges in GitHub repository polonel/trudesk prior to 1.2.3. Rated high severity (CVSS 8.8

CVE-2022-1770 HIGH POC
8.8 May 20

Improper Privilege Management in GitHub repository polonel/trudesk prior to 1.2.2. Rated high severity (CVSS 8.8), this

CVE-2022-1931 HIGH POC
8.1 May 31

Incorrect Synchronization in GitHub repository polonel/trudesk prior to 1.2.3. Rated high severity (CVSS 8.1), this vuln

CVE-2022-1752 HIGH POC
8.0 May 21

Unrestricted Upload of File with Dangerous Type in GitHub repository polonel/trudesk prior to 1.2.2. Rated high severity

CVE-2022-1718 HIGH POC
7.5 Sep 29

The trudesk application allows large characters to insert in the input field "Full Name" on the signup field which can a

CVE-2022-1947 MEDIUM POC
6.5 May 31

Use of Incorrect Operator in GitHub repository polonel/trudesk prior to 1.2.3. Rated medium severity (CVSS 6.5), this vu

CVE-2022-1754 MEDIUM POC
6.5 May 20

Integer Overflow or Wraparound in GitHub repository polonel/trudesk prior to 1.2.2. Rated medium severity (CVSS 6.5), th

CVE-2022-1728 MEDIUM POC
6.5 May 16

Allowing long password leads to denial of service in polonel/trudesk in GitHub repository polonel/trudesk prior to 1.2.2

CVE-2022-1044 MEDIUM POC
6.5 May 12

Sensitive Data Exposure Due To Insecure Storage Of Profile Image in GitHub repository polonel/trudesk prior to v1.2.1. R

Share

CVE-2022-1803 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy