Impact varies for each individual vulnerability in the application. For generation of accounts, it may be possible, depending on the amount of system resources available, to create a DoS event in the server. These accounts still need to be activated; however, it is possible to identify the output Status Code to separate accounts that are generated and waiting for email verification. \n\nFor the sign in directories, it is possible to brute force login attempts to either login portal, which could lead to account compromise.
References
Link | Resource |
---|---|
https://github.com/chatwoot/chatwoot/commit/9525d4f0346a2fdac13a0253f9180d20104a72d3 | Patch Third Party Advisory |
https://huntr.dev/bounties/46f6e07e-f438-4540-938a-510047f987d0 | Exploit Issue Tracking Patch Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: @huntrdev
Published: 2022-10-28T00:00:00
Updated: 2022-10-28T00:00:00
Reserved: 2022-10-28T00:00:00
Link: CVE-2022-3741
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-10-28T13:15:16.870
Modified: 2022-11-01T18:45:08.013
Link: CVE-2022-3741
JSON object: View
Redhat Information
No data.
CWE