PT-2022-24867 · Unknown · Fat Free Crm
Published 2022-10-07 · Updated 2022-10-11 · CVE-2022-39281
CVSS v3.1: 6.5 (Medium)
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Fat Free CRM versions prior to 0.20.1
Description
The issue allows an authenticated user to perform a remote Denial of Service attack against Fat Free CRM via bucket access. There are no known workarounds for this issue.
Recommendations
For versions prior to 0.20.1, upgrade to version 0.20.1 or apply the patch c85a254 to resolve the issue. As a temporary workaround, consider restricting access to the bucket_empty? function in the Task model until a patch is available.
Affected Products
Fat Free Crm