Exposure of Private Personal Information to an Unauthorized Actor in alextselegidis/easyappointments
CVE-2022-0482

9.1CRITICAL

Key Information:

Vendor: Alextselegidis
Status: Alextselegidis/easyappointments
Vendor: CVE Published:; 9 March 2022

🔔 Create Alextselegidis Vulnerability Alert

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 90%

What is CVE-2022-0482?

Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository alextselegidis/easyappointments prior to 1.4.3.

Affected Version(s)

alextselegidis/easyappointments < 1.4.3

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

exploit-CVE-2022-0482
Created by Acceis

References

https://huntr.dev/bounties/2fe771ef-b615-45ef-9b4d-625978...

x_refsource_CONFIRM

https://github.com/alextselegidis/easyappointments/commit...

x_refsource_MISC

http://packetstormsecurity.com/files/166701/Easy-Appointm...

x_refsource_MISC

EPSS Score

90% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

CVSS V3.0

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Apr 13, 2022
👾
Exploit known to exist
Apr 13, 2022
Vulnerability published
Mar 9, 2022
Vulnerability Reserved
Feb 3, 2022

CVE-2022-0482 Data

JSON