PT-2022-26037 · Relatedcode · Relatedcode's Messenger
Carlos Bello · Published 2022-10-19 · Updated 2022-10-21 · CVE-2022-41708
CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Relatedcode's Messenger version 7bcd20b
Description
The issue allows an authenticated external attacker to access existing chats in the workspaces of any user of the application. This is possible because the application does not validate permissions correctly.
Recommendations
For Relatedcode's Messenger version 7bcd20b, consider implementing proper permission validation to restrict access to chats in workspaces. As a temporary workaround, restrict access to sensitive workspaces until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Improper Preservation of Permissions
Affected Products
Relatedcode's Messenger