CVE-2022-1397: API Privilege Escalation in alextselegidis/easyappointments
First published: Tue May 10 2022(Updated: )
API Privilege Escalation in GitHub repository alextselegidis/easyappointments prior to 1.5.0. Full system takeover.
Credit: security@huntr.dev
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Easy!Appointments | <1.5.0 |
Remedy
https://github.com/alextselegidis/easyappointments/commit/63dbb51decfcc1631c398ecd6d30e3a337845526
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-1397?
CVE-2022-1397 is a vulnerability that allows API Privilege Escalation in GitHub repository alextselegidis/easyappointments prior to version 1.5.0, which can result in a full system takeover.
What is the severity of CVE-2022-1397?
The severity of CVE-2022-1397 is critical with a CVSS score of 8.8.
What software versions are affected by CVE-2022-1397?
The versions of Easyappointments affected by CVE-2022-1397 are prior to 1.5.0.
How can I fix CVE-2022-1397?
To fix CVE-2022-1397, you should update your Easyappointments software to version 1.5.0 or later.
Where can I find more information about CVE-2022-1397?
You can find more information about CVE-2022-1397 at the following references: [GitHub Commit](https://github.com/alextselegidis/easyappointments/commit/63dbb51decfcc1631c398ecd6d30e3a337845526) and [Huntr.dev Bounty](https://huntr.dev/bounties/5f69e094-ab8c-47a3-b01d-8c12a3b14c61).
- agent/references
- agent/type
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/title
- agent/weakness
- agent/last-modified-date
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/softwarecombine
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/easyappointments
- canonical/easy!appointments