Attacker Value
Moderate
(1 user assessed)
Exploitability
High
(1 user assessed)
User Interaction
None
Privileges Required
None
Attack Vector
Network
1

CVE-2022-0482

Disclosure Date: March 09, 2022
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository alextselegidis/easyappointments prior to 1.4.3.

Add Assessment

1
Ratings
Technical Analysis

It is exposing PII (Personally Identifiable Information) from registered events in the calendar but also usernames and password hashes for offline crack.

CVSS V3 Severity and Metrics
Base Score:
9.1 Critical
Impact Score:
5.2
Exploitability Score:
3.9
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
High
Integrity (I):
High
Availability (A):
None

General Information

Vendors

  • easyappointments

Products

  • easyappointments
Technical Analysis