CVSS: 6.5 | EPSS: 0% | CPEs: 1 | EXPL: 1

TruDesk Help Desk/Ticketing Solution v1.1.11 is vulnerable to a Cross-Site Request Forgery (CSRF) attack that would allow an attacker to restart the server, causing a denial of service (DoS). The attacker must craft a webpage that performs a GET request to the /api/v1/admin/restart endpoint; when a victim with sufficient privileges visits the page, the server restart begins. The attacker must know the full URL that TruDesk is hosted on in order to craft the webpage.

• https://1d8.github.io/cves/cve_2021_45785
• CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 1

Unrestricted Upload of File with Dangerous Type in GitHub repository polonel/trudesk prior to 1.2.4.

• https://github.com/polonel/trudesk/commit/fb2ef82b0a39d0a560a261e07c3c73ba25332ecb
• https://huntr.dev/bounties/ec40ec76-c7db-4384-a33b-024f3dd21d75
• CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 10.0 | EPSS: 0% | CPEs: 1 | EXPL: 1

Incorrect Use of Privileged APIs in GitHub repository polonel/trudesk prior to 1.2.4.

• https://github.com/polonel/trudesk/commit/83fd5a89319ba2c2f5934722e39b08aba9b3a4ac
• https://huntr.dev/bounties/0f35b1d3-56e6-49e4-bc5a-830f52e094b3
• CWE-269: Improper Privilege Management
• CWE-648: Incorrect Use of Privileged APIs

CVSS: 9.1 | EPSS: 0% | CPEs: 1 | EXPL: 1

Use of Incorrect Operator in GitHub repository polonel/trudesk prior to 1.2.3.

• https://github.com/polonel/trudesk/commit/a9e38f25c2af2722dee4fdafb2fb70d30d5106c5
• https://huntr.dev/bounties/cb4d0ab3-51ba-4a42-9e38-ac0e544266f1
• CWE-480: Use of Incorrect Operator

CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 1

Execution with Unnecessary Privileges in GitHub repository polonel/trudesk prior to 1.2.3.

• https://github.com/polonel/trudesk/commit/f739eac6fc52adc0cba83a49034100e5b99ac7c8
• https://huntr.dev/bounties/9-polonel/trudesk
• CWE-250: Execution with Unnecessary Privileges