CVE Vulnerability

CVE-2022-39281

fat_free_crm is a an open source, Ruby on Rails customer relationship management platform (CRM). In versions prior to 0.20.1 an authenticated user can perform a remote Denial of Service attack against Fat Free CRM via bucket access. The vulnerability has been patched in commit `c85a254` and will be available in release `0.20.1`. Users are advised to upgrade or to manually apply patch `c85a254`. There are no known workarounds for this issue.

6.5 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://github.com/fatfreecrm/fat_free_crm/releases/tag/v0.20.1 Release Notes Third Party Advisory
https://github.com/fatfreecrm/fat_free_crm/commit/c85a2546348c2692d32f952c753f7f0b43d1ca71 Patch Third Party Advisory
https://github.com/fatfreecrm/fat_free_crm/security/advisories/GHSA-p75c-5x3h-cxcg Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:fatfreecrm:fatfreecrm:*:*:*:*:*:ruby:*:*
Information

Published : 2022-10-08 01:15

Updated : 2022-10-11 03:30

NVD link : CVE-2022-39281

Mitre link : CVE-2022-39281

Products Affected
No products.
CWE
NVD-CWE-noinfo