{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-07T01:02:33.073","vulnerabilities":[{"cve":{"id":"CVE-2022-23055","sourceIdentifier":"vulnerabilitylab@mend.io","published":"2022-06-22T09:15:08.007","lastModified":"2024-11-21T06:47:53.840","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In ERPNext, versions v11.0.0-beta through v13.0.2 are vulnerable to Missing Authorization in the chat rooms functionality. A low-privileged attacker can send a direct message or a group message to any member or group while impersonating the administrator. The attacker can also read chat messages of groups that they do not belong to, and of other users."},{"lang":"es","value":"En ERPNext, versiones v11.0.0-beta hasta v13.0.2, son vulnerables a una falta de autorización, en la funcionalidad chat rooms. Un atacante poco privilegiado puede enviar un mensaje directo o un mensaje de grupo a cualquier miembro o grupo, haciéndose pasar por el administrador. 
El atacante también puede leer los mensajes de chat de grupos a los que no pertenece, y de otros usuarios"}],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:N","baseScore":5.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"vulnerabilitylab@mend.io","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:frappe:erpnext:*:*:*:*:*:*:*:*","versionStartIncluding":"11.0.4","versionEndExcluding":"13.1.0","matchCriteriaId":"BBF3D7E6-2B29-4142-A007-F699140D1C9A"},{"vulnerable":true,"criteria":"cpe:2.3:a:frappe:erpnext:11.0.3:beta1:*:*:*:*:*:*","matchCriteriaId":"B76E3184-E14E-485B-A108-C1F24850F77E"},{"vulnerable":true,"criteria":"cpe:2.3:a:frappe:erpnext:11.0.3:beta10:*:*:*:*:*:*","matchCriteriaId":"C9DCB37E-061E-44D6-A686-6464B5BE54D2"},{"vulnerable":true,"criteria":"cpe:2.3:a:frappe:erpnext:11.0.3:beta11:*:*:*:*:*:*","matchCriteriaId":"93C2D6DF-B4E5-434B-8632-DB1DF10CE5E9"},{"vulnerable":true,"criteria":"cpe:2.3:a:frappe:erpnext:11.0.3:beta12:*:*:*:*:*:*","matchCriteriaId":"0C6F3220-13B5-4504-87DB-09495E5E1386"},{"vulnerable":true,"criteria":"cpe:2.3:a:frappe:erpnext:11.0.3:beta13:*:*:*:*:*:*","matchCriteriaId":"D6AFF494-240F-4981-B4EC-24771A6E1E4C"},{"vulnerable":true,"criteria":"cpe:2.3:a:frappe:erpnext:11.0.3:beta14:*:*:*:*:*:*","matchCriteriaId":"69D3FEA8-FC3F-434E-AFA6-D03D8EFAC524"},{"vulnerable":true,"criteria":"cpe:2.3:a:frappe:erpnext:11.0.3:beta15:*:*:*:*:*:*","matchCriteriaId":"D9D81630-3EE2-498E-9A76-0F
0C1CDD1A15"},{"vulnerable":true,"criteria":"cpe:2.3:a:frappe:erpnext:11.0.3:beta16:*:*:*:*:*:*","matchCriteriaId":"C3367D0E-5701-4FCA-8307-0FA7D25D71E3"},{"vulnerable":true,"criteria":"cpe:2.3:a:frappe:erpnext:11.0.3:beta17:*:*:*:*:*:*","matchCriteriaId":"1DBD878F-935B-427F-B6DF-4DA4356E9843"},{"vulnerable":true,"criteria":"cpe:2.3:a:frappe:erpnext:11.0.3:beta18:*:*:*:*:*:*","matchCriteriaId":"DAE5DFE4-55B8-4F68-8C3A-2CDC13D8A735"},{"vulnerable":true,"criteria":"cpe:2.3:a:frappe:erpnext:11.0.3:beta19:*:*:*:*:*:*","matchCriteriaId":"6F22BFC9-CA3D-4B57-AD93-1B5094D69508"},{"vulnerable":true,"criteria":"cpe:2.3:a:frappe:erpnext:11.0.3:beta2:*:*:*:*:*:*","matchCriteriaId":"FE5E71D9-CCD4-47F4-9AC8-4E4A112E9C0A"},{"vulnerable":true,"criteria":"cpe:2.3:a:frappe:erpnext:11.0.3:beta20:*:*:*:*:*:*","matchCriteriaId":"CA394555-C3A0-4142-B023-60A9014C87E8"},{"vulnerable":true,"criteria":"cpe:2.3:a:frappe:erpnext:11.0.3:beta21:*:*:*:*:*:*","matchCriteriaId":"6B5C737A-A824-4E7D-A8D6-A0E0A4AE710A"},{"vulnerable":true,"criteria":"cpe:2.3:a:frappe:erpnext:11.0.3:beta22:*:*:*:*:*:*","matchCriteriaId":"33E4D6A6-2F64-4DB8-9946-5E54FE889E6C"},{"vulnerable":true,"criteria":"cpe:2.3:a:frappe:erpnext:11.0.3:beta23:*:*:*:*:*:*","matchCriteriaId":"8AAD166B-0B54-4D74-A61D-A17F34C403F6"},{"vulnerable":true,"criteria":"cpe:2.3:a:frappe:erpnext:11.0.3:beta24:*:*:*:*:*:*","matchCriteriaId":"2856944B-7178-414D-B485-5B8C4D88E95D"},{"vulnerable":true,"criteria":"cpe:2.3:a:frappe:erpnext:11.0.3:beta25:*:*:*:*:*:*","matchCriteriaId":"27EE33DF-6485-463D-BB51-33D4295D3E55"},{"vulnerable":true,"criteria":"cpe:2.3:a:frappe:erpnext:11.0.3:beta26:*:*:*:*:*:*","matchCriteriaId":"FBEED6D7-3EA2-4BC0-B7F8-5F104F90EB82"},{"vulnerable":true,"criteria":"cpe:2.3:a:frappe:erpnext:11.0.3:beta27:*:*:*:*:*:*","matchCriteriaId":"C5E9A6A8-A210-467F-888C-1327C8E5F5D0"},{"vulnerable":true,"criteria":"cpe:2.3:a:frappe:erpnext:11.0.3:beta28:*:*:*:*:*:*","matchCriteriaId":"97CA5919-E7B0-417B-BF91-6B407F83F167"},{"vulnerable":
true,"criteria":"cpe:2.3:a:frappe:erpnext:11.0.3:beta29:*:*:*:*:*:*","matchCriteriaId":"E0C2C925-F3D3-4C5D-A281-2BE62F32BB52"},{"vulnerable":true,"criteria":"cpe:2.3:a:frappe:erpnext:11.0.3:beta3:*:*:*:*:*:*","matchCriteriaId":"0411AA32-05B2-49C2-A0DC-8F74BDABCA3B"},{"vulnerable":true,"criteria":"cpe:2.3:a:frappe:erpnext:11.0.3:beta30:*:*:*:*:*:*","matchCriteriaId":"31D7C223-4E62-41E1-A88F-54DF1DFA9C75"},{"vulnerable":true,"criteria":"cpe:2.3:a:frappe:erpnext:11.0.3:beta31:*:*:*:*:*:*","matchCriteriaId":"C1686CCA-6C44-425C-B851-D429A5C550CF"},{"vulnerable":true,"criteria":"cpe:2.3:a:frappe:erpnext:11.0.3:beta32:*:*:*:*:*:*","matchCriteriaId":"873CA32C-42A6-4531-838A-E4B584AB389D"},{"vulnerable":true,"criteria":"cpe:2.3:a:frappe:erpnext:11.0.3:beta33:*:*:*:*:*:*","matchCriteriaId":"17B6D20B-863A-48C0-8600-BE768498DBFF"},{"vulnerable":true,"criteria":"cpe:2.3:a:frappe:erpnext:11.0.3:beta34:*:*:*:*:*:*","matchCriteriaId":"6CA04572-0978-4378-A658-15896AFDEBFC"},{"vulnerable":true,"criteria":"cpe:2.3:a:frappe:erpnext:11.0.3:beta35:*:*:*:*:*:*","matchCriteriaId":"8697CA97-1F21-4158-9773-BB67A250BDD7"},{"vulnerable":true,"criteria":"cpe:2.3:a:frappe:erpnext:11.0.3:beta36:*:*:*:*:*:*","matchCriteriaId":"E7746744-C5D1-459E-9574-ADC2FD24CED8"},{"vulnerable":true,"criteria":"cpe:2.3:a:frappe:erpnext:11.0.3:beta37:*:*:*:*:*:*","matchCriteriaId":"1F61D01B-BB6D-4A4E-9774-BEC19997A733"},{"vulnerable":true,"criteria":"cpe:2.3:a:frappe:erpnext:11.0.3:beta4:*:*:*:*:*:*","matchCriteriaId":"EE9DFDFA-9387-46C2-BC9C-58A90713F0E6"},{"vulnerable":true,"criteria":"cpe:2.3:a:frappe:erpnext:11.0.3:beta5:*:*:*:*:*:*","matchCriteriaId":"86661EEC-799A-404B-A847-D91A00403F3C"},{"vulnerable":true,"criteria":"cpe:2.3:a:frappe:erpnext:11.0.3:beta6:*:*:*:*:*:*","matchCriteriaId":"2AFA67C7-6829-4160-A7C8-B3DD56E60CF3"},{"vulnerable":true,"criteria":"cpe:2.3:a:frappe:erpnext:11.0.3:beta7:*:*:*:*:*:*","matchCriteriaId":"90E1D4DA-2D89-4CD5-B34F-33D96BD2C341"},{"vulnerable":true,"criteria":"cpe:2.3:a:frap
pe:erpnext:11.0.3:beta8:*:*:*:*:*:*","matchCriteriaId":"8B4BE801-0FF0-4B44-8DCF-E2805DCC39A6"},{"vulnerable":true,"criteria":"cpe:2.3:a:frappe:erpnext:11.0.3:beta9:*:*:*:*:*:*","matchCriteriaId":"B4AE27CF-FCAF-4491-AAC1-8EB5E5C5FD6A"}]}]}],"references":[{"url":"https://github.com/frappe/frappe/blob/v13.0.2/frappe/chat/doctype/chat_message/chat_message.py#L134","source":"vulnerabilitylab@mend.io","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/frappe/frappe/blob/v13.0.2/frappe/chat/doctype/chat_message/chat_message.py#L155","source":"vulnerabilitylab@mend.io","tags":["Exploit","Third Party Advisory"]},{"url":"https://www.mend.io/vulnerability-database/CVE-2022-23055","source":"vulnerabilitylab@mend.io","tags":["Exploit","Patch","Third Party Advisory"]},{"url":"https://github.com/frappe/frappe/blob/v13.0.2/frappe/chat/doctype/chat_message/chat_message.py#L134","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/frappe/frappe/blob/v13.0.2/frappe/chat/doctype/chat_message/chat_message.py#L155","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://www.mend.io/vulnerability-database/CVE-2022-23055","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Patch","Third Party Advisory"]}]}}]}