CVE-2022-3741

Published: Oct 28, 2022

Modified: May 9, 2025

PUBLISHED

CVSS v3.0

9.4

CRITICAL

Description

Impact varies for each individual vulnerability in the application. For generation of accounts, it may be possible, depending on the amount of system resources available, to create a DoS event in the server. These accounts still need to be activated; however, it is possible to identify the output Status Code to separate accounts that are generated and waiting for email verification. \n\nFor the sign in directories, it is possible to brute force login attempts to either login portal, which could lead to account compromise.

Vendor	Product	Versions
chatwoot	chatwoot/chatwoot	affected `unspecified - < v2.10.0`

Weaknesses (CWE)

CWE-307

CVSS v3.0 Details

CVSS v3.0 Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

Low

References

https://huntr.dev/bounties/46f6e07e-f438-4540-938a-510047f987d0

https://github.com/chatwoot/chatwoot/commit/9525d4f0346a2fdac13a0253f9180d20104a72d3

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2022-3741

Description

Affected Products

Weaknesses (CWE)

CVSS v3.0 Details

References