CVE-2022-45177

Name
CVE-2022-45177
Description
An issue was discovered in LIVEBOX Collaboration vDesk through v031. An Observable Response Discrepancy can occur under the /api/v1/vdeskintegration/user/isenableuser endpoint, the /api/v1/sharedsearch?search={NAME}+{SURNAME} endpoint, and the /login endpoint. The web application provides different responses to incoming requests in a way that reveals internal state information to an unauthorized actor outside of the intended control sphere.
NVD Severity
unknown

References

| Type | URI |
| --- | --- |
| cve@mitre.org | https://www.gruppotim.it/it/footer/red-team.html |

Match rules

| CPE URI | Source package | Min version | Max version |
| --- | --- | --- | --- |
| cpe:2.3:a:liveboxcloud:vdesk:*:*:*:*:*:*:*:* | vdesk | >= None | <= v031 |
| cpe:2.3:a:liveboxcloud:vdesk:*:*:*:*:*:*:*:* | vdesk | >= None | <= 031 |

Vulnerable and fixed packages

| Source package | Branch | Version | Maintainer | Status |
| --- | --- | --- | --- | --- |
| vdesk | edge-community | 1.2-r1 | ScrumpyJack <scrumpyjack@st.ilet.to> | possibly vulnerable |
| vdesk | 3.19-community | 1.2-r1 | ScrumpyJack <scrumpyjack@st.ilet.to> | possibly vulnerable |
| vdesk | 3.20-community | 1.2-r1 | ScrumpyJack <scrumpyjack@st.ilet.to> | possibly vulnerable |