CVE-2022-2921

Summary

Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository notrinos/notrinoserp prior to v0.7. This results in privilege escalation to a system administrator account. An attacker can gain access to protected functionality such as create/update companies, install/update languages, install/activate extensions, install/activate themes and other permissive actions.

Affected Software

VendorProductVersion RangeStatus
notrinosnotrinos/notrinoserpunspecified < 0.7affected

Weaknesses

  • CWE-359: CWE-359 Exposure of Private Personal Information to an Unauthorized Actor

ADP Enrichment

CVE Program Container

Additional References

References