Exposure of Private Personal Information to an Unauthorized Actor

CVE-2022-2921

High

8.8/10

Summary

Exposure of Private Personal Information to an Unauthorized Actor in notrinos/notrinoserp. This results in privilege escalation to a system administrator account. An attacker can gain access to protected functionality such as create/update companies, install/update languages, install/activate extensions, install/activate themes, and other permissive actions.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-359 - Exposure of Private Personal Information to an Unauthorized Actor

The product does not properly prevent a person's private, personal information from being accessed by actors who either (1) are not explicitly authorized to access the information or (2) do not have the implicit consent of the person about whom the information is collected.

References

Advisory Timeline

Published Aug 21, 2022

Exposure of Private Personal Information to an Unauthorized Actor

CVE-2022-2921

Summary

CWE-359 - Exposure of Private Personal Information to an Unauthorized Actor

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS