CVE-2022-1775

moderate-risk
Published 2022-05-20

Weak Password Requirements in GitHub repository polonel/trudesk prior to 1.2.2.

Do I need to act?

-
0.30% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
+
Fix available
Upgrade to: 7099d084920b6a616bc03077aa149b690620b4d6
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Trudesk Project

References (4)

Patch https://github.com/polonel/trudesk/commit/13dd6c61fc85fa773b4065f075fceda563129c...
Exploit https://huntr.dev/bounties/0966043c-602f-463e-a6e5-9a1745f4fbfa
Patch https://github.com/polonel/trudesk/commit/13dd6c61fc85fa773b4065f075fceda563129c...
Exploit https://huntr.dev/bounties/0966043c-602f-463e-a6e5-9a1745f4fbfa
38
/ 100
moderate-risk
Severity 32/34 · Critical
Exploitability 1/34 · Minimal
Exposure 5/34 · Minimal