
CVSS: 9.1 • EPSS: 0% • CPEs: 1 • EXPL: 1

Insufficient Session Expiration in GitHub repository nocodb/nocodb prior to 0.91.7+. • https://github.com/nocodb/nocodb/commit/c9b5111b25aea2781e19395a8e9107ddbd235a2b • https://huntr.dev/bounties/39523d51-fc5c-48b8-a082-171da79761bb • CWE-613: Insufficient Session Expiration

CVSS: 9.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

Improper Privilege Management in GitHub repository nocodb/nocodb prior to 0.91.7+. • https://github.com/nocodb/nocodb/commit/269a19c2ad89a0e8a7596498e3806ff2ec1040c2 • https://huntr.dev/bounties/156f405b-21d6-4384-9bff-17ebfe484e20 • CWE-269: Improper Privilege Management

CVSS: 9.1 • EPSS: 0% • CPEs: 1 • EXPL: 1

Generation of Error Message Containing Sensitive Information in GitHub repository nocodb/nocodb prior to 0.91.7+. • https://github.com/nocodb/nocodb/commit/a18f5dd53811b9ec1c1bb2fdbfb328c0c87d7fb4 • https://huntr.dev/bounties/35593b4c-f127-4699-8ad3-f0b2203a8ef6 • CWE-209: Generation of Error Message Containing Sensitive Information

CVSS: 9.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

Cross-site Scripting (XSS) - Stored in GitHub repository nocodb/nocodb prior to 0.91.7. • https://github.com/nocodb/nocodb/commit/ffad5a318ad60d1da1c75dd28152827b94c92e9d • https://huntr.dev/bounties/f6082949-40d3-411c-b613-23ada2691913 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 8.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

In NocoDB, versions 0.81.0 through 0.83.8 are affected by a CSV Injection vulnerability (Formula Injection). A low-privileged attacker can create a new table to inject payloads in the table rows. When an administrator accesses the User Management endpoint, exports the data as a CSV file and opens it, the payload gets executed. • https://github.com/nocodb/nocodb/commit/079e3abe • https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22121 • CWE-1236: Improper Neutralization of Formula Elements in a CSV File