CVE-2022-4823

Name of the Vulnerable Software and Affected Versions InSTEDD Nuntium (affected versions not specified)

Description A problematic issue was found in InSTEDD Nuntium, affecting an unknown function of the file app/controllers/geopoll controller.rb. The manipulation of the signature argument leads to observable timing discrepancy. It is possible to launch the attack remotely.

Recommendations To fix this issue, it is recommended to apply a patch with the name 77236f7fd71a0e2eefeea07f9866b069d612cf0d. As a temporary workaround, consider restricting access to the geopoll controller.rb file until a patch is applied.